Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Just trying to block a port [SOLVED]
« previous
next »
Print
Pages: [
1
]
Author
Topic: Just trying to block a port [SOLVED] (Read 512 times)
nocturno
Newbie
Posts: 6
Karma: 0
Just trying to block a port [SOLVED]
«
on:
October 04, 2024, 09:43:16 pm »
Hi, I have an iotnetwork vlan I add my NAS to this vlan just so I can make backups to home assistant but in this NAS I'm running docker with other services for example portainer that runs on port 9443 I try every single way to block it but it don't work. Here are my firewall rules. I already try different orders but nothing.
«
Last Edit: October 05, 2024, 05:43:39 pm by nocturno
»
Logged
EricPerl
Jr. Member
Posts: 85
Karma: 1
Re: Just trying to block a port
«
Reply #1 on:
October 04, 2024, 11:36:45 pm »
IMO, there's missing context here. iotnetwork is 10.1.20.0/24 ?
And 10.1.20.3 is your NAS?
Are you trying to prevent random clients in the vlan to access a server in the vlan?
Because that's not going to work. Your switches alone are going to handle that traffic. Such traffic is not going to reach the router, thus can't be blocked there.
Logged
nocturno
Newbie
Posts: 6
Karma: 0
Re: Just trying to block a port
«
Reply #2 on:
October 05, 2024, 02:45:24 am »
Yes that's exactly what I'm trying to do client 10.1.20.x can't access the 10.1.20.3:9443. Do you know where can I blocked? Thank you
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Just trying to block a port
«
Reply #3 on:
October 05, 2024, 04:20:09 pm »
next time please put your pictures on this forum instead of external sites. Many people here can't/won't click on them. So you get quick help.
> Do you know where can I blocked? Thank you
Not in OPN. It doesn't see that traffic, so can't do anything about it.
Leaves you as the application or OS on source or destination to work with only.
OS level firewall or application allow/blocks, that sort of thing.
Logged
nocturno
Newbie
Posts: 6
Karma: 0
Re: Just trying to block a port
«
Reply #4 on:
October 05, 2024, 04:58:31 pm »
I'm trying a different approach. Remove the NAS form the iotnetwork vlan Thant way it need to go through OPNsense and in Opnsense open de Portainer port using the source iotnetwork (10.1.20.5) to the management network (10.1.1.3). I'm not sure if it's the best way but I will try it. Thank You
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Just trying to block a port
«
Reply #5 on:
October 05, 2024, 05:27:17 pm »
Yep, going traffic going from one network to another will go through the router. The you can apply a rule.
Logged
EricPerl
Jr. Member
Posts: 85
Karma: 1
Re: Just trying to block a port [SOLVED]
«
Reply #6 on:
October 07, 2024, 06:30:57 pm »
@nocturno, you probably want to step back and think about how you want to use VLAN isolation with regards to your clients and servers.
Putting them in different VLAN makes things easier for isolation but more difficult for discovery.
For example, it appears that some folks have HA running in a separate VLAN (not IOT).
It could be easier to deal with HA NAS setup across VLANs though.
Even if you'd kept everything in IOT (your original setup), as cookiemonster said, a simple FW rule on your NAS could have accomplished the task.
Some managed networking stacks (e.g. TP-link Omada and likely Ubiquiti Unifi) also allow that level of control at the switch level.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Just trying to block a port [SOLVED]