Topic: cannot configure firewall rules for intervlan routing (Read 415 times)
OPNsensame (Newbie, Posts: 2, Karma: 0)
« on: August 30, 2024, 05:04:49 am »
I'm fairly new to OPNsense so apologies in advance if this has an obvious solution.
I'm running a testing version of OPNsense in a Proxmox container to try out various rules and VLANs before I put them on my main router. My goal is to segment my network into multiple VLANs/subnets, with my trusted devices in one VLAN, servers in another, and MGMT in a third (adding more VLANs at a later time).
So far, my configuration is set up as follows:
My LAN interface is set as 192.168.2.1/24, no VLAN tagging
OPT1 is 192.168.1.1/27 and is my Trusted VLAN, tagged 10
OPT2 is 192.168.1.46/28 and is my Servers VLAN, tagged 20
I have two VMs, one on VLAN 10, 192.168.1.3 (PC) and one on VLAN 20, 192.168.1.40 (Server)
I have two firewall rules set that I believe should allow access from Trusted VLAN to Servers VLAN and vice versa.
If I am on the PC VM, I cannot ping the server IP but I can reach the OPNsense GUI via 192.168.1.46 and 192.168.1.1
If I am on the server VM, I cannot ping the PC IP or reach the OPNsense GUI via 192.168.1.1, but I can reach it through 192.168.1.46.
If I disable VLAN tagging and just use the default VLAN 1, I can access the GUI from 192.168.2.1, 192.168.1.1, and 192.168.1.46 from PC, and 192.168.2.1 and 192.168.1.1 from the server.
To my knowledge, both my firewall rules should allow access both ways, but for some reason only parts of the traffic seem to be going through. If I disable my "allow access to Servers" firewall rule in the Trusted interface, then I can no longer access my GUI via 192.168.1.46, which makes sense. But the identical rule on the Servers firewall has no effect.
I'm at a loss for what's preventing me from reaching the other side of the network at this point. Neither interface is blocking private networks and I do not have firewalls enabled on either host for the VMs (both Linux distros). OPNsense is listening on all interfaces.
Any guidance would be appreciated. Can't for the life of me figure out how to make my images small enough to post here so I had to do an Imgur link.
https://imgur.com/a/OuPXjDI
« Last Edit: August 30, 2024, 05:14:22 am by OPNsensame »
dseven (Sr. Member, Posts: 303, Karma: 33)
« Reply #1 on: August 30, 2024, 10:32:38 am »
It sounds to me like the default route on your server VM is not pointing to 192.168.1.46... or, more accurately, that the server VM doesn't have a route to the PC subnet that points to the firewall. It's also possible (actually probably more likely, the more I think about it) that the subnet mask is set incorrectly on the server VM's interface, so it thinks that 192.168.1.0/27 is local.
« Last Edit: August 30, 2024, 11:03:54 am by dseven »
OPNsensame (Newbie, Posts: 2, Karma: 0)
« Reply #2 on: August 30, 2024, 05:44:34 pm »
I think you may be on to something! I checked the IP address info for both VMs, PC is Linux Mint and Server is Lubuntu.
PC: 192.168.1.3
CIDR: 255.255.255.224
Default route: 192.168.1.1
DNS: 192.168.1.1
Server: 192.168.1.40 and 192.168.2.2
CIDR: 255.255.255.240 and 255.255.255.0
Default route: 192.168.2.1
DNS: 192.168.1.46
So it looks like I did something wildly wrong with the Lubuntu config which caused the network manager to grab two IP addresses. I spun up a clone of the Linux Mint install and set it to VLAN 20. After letting DHCP do its thing I was able to ping across from VLAN 20 to VLAN 10 and vice versa, and I was able to reach the OPNsense GUI from 192.168.1.1 and 192.168.1.46 on both machines. Thanks so much for your help, I can't believe the issue was right there in front of me haha
https://imgur.com/a/AJrc5dq
« Last Edit: August 30, 2024, 05:48:08 pm by OPNsensame »
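An added example, not part of any post in this thread: a small Python model of the host-side route lookup that checks the two causes raised in reply #1 (default route not pointing at the VLAN's firewall address, or a mask that makes the other VLAN look local) against the addresses posted in reply #2. The function names and the `WIDE_MASK` and `FIXED` hosts are constructed for illustration.

```python
import ipaddress

def next_hop(dest, addrs, default_gw):
    """Longest-prefix match over connected networks, else the default route."""
    dest = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_interface(a).network for a in addrs]
    hits = [n for n in nets if dest in n]
    if hits:
        return ("on-link", str(max(hits, key=lambda n: n.prefixlen)))
    return ("gateway", default_gw)

def audit(name, addrs, default_gw, vlan_gw, peer):
    """Findings that keep `name` from reaching `peer` (a host in another VLAN)
    through `vlan_gw`, the firewall's address on this host's VLAN."""
    findings = []
    nets = [ipaddress.ip_interface(a).network for a in addrs]
    if not any(ipaddress.ip_address(vlan_gw) in n for n in nets):
        findings.append(f"{name}: no address in the subnet of {vlan_gw}")
    kind, via = next_hop(peer, addrs, default_gw)
    if kind == "on-link":
        findings.append(f"{name}: mask makes {peer} look local ({via}); firewall is bypassed")
    elif via != vlan_gw:
        findings.append(f"{name}: packets to {peer} leave via {via}, not {vlan_gw}")
    return findings

# Values as posted in reply #2 (dotted masks are accepted by ipaddress).
PC = dict(name="PC", addrs=["192.168.1.3/255.255.255.224"],
          default_gw="192.168.1.1", vlan_gw="192.168.1.1", peer="192.168.1.40")
SERVER = dict(name="Server",
              addrs=["192.168.1.40/255.255.255.240", "192.168.2.2/255.255.255.0"],
              default_gw="192.168.2.1", vlan_gw="192.168.1.46", peer="192.168.1.3")
# Constructed, not from the thread: the wrong-mask case from reply #1 and a
# single-address server that uses the VLAN 20 gateway.
WIDE_MASK = dict(SERVER, name="Server (wide mask)",
                 addrs=["192.168.1.40/255.255.255.0"], default_gw="192.168.1.46")
FIXED = dict(SERVER, name="Server (fixed)",
             addrs=["192.168.1.40/255.255.255.240"], default_gw="192.168.1.46")

if __name__ == "__main__":
    for host in (PC, SERVER, WIDE_MASK, FIXED):
        for line in audit(**host) or [f"{host['name']}: ok"]:
            print(line)
```

With the posted server values, 192.168.1.46 is on-link in 192.168.1.32/28 while 192.168.1.1 and 192.168.1.3 both fall through to the default route via 192.168.2.1, which matches the symptoms in the first post. On a live Linux host, `ip route get 192.168.1.3` shows the same decision.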