Topic: wrong setup do not segmentation on vlans (Read 1454 times)
poisonFW, on: October 22, 2021, 05:51:24 pm
Hi, I have a wrong setup because I do not have segmentation on the VLANs. I tried to add rules to block all traffic from other VLANs and leave only the possibility to exit on the WAN, but these rules were never applied, and this default rule "let out anything from firewall host itself" is activated instead.
Here is a simple drawing of the network:
https://ibb.co/3hngxpY
Here is the log of the rule being activated:
Code:
vlan_SERVICE  Oct 22 17:22:38  10.10.0.253  10.40.0.253  icmp  let out anything from firewall host itself
I executed the ping command on a host on another VLAN and I expected it to fail.
What settings should I look at to restore VLAN traffic isolation?
Greelan, Reply #1 on: October 23, 2021, 04:30:50 am
This discussion should give you the idea:
https://forum.opnsense.org/index.php?topic=25228.0
Otherwise, post your rules here for troubleshooting.
poisonFW, Reply #2 on: October 25, 2021, 03:19:02 pm
I resolved it with the rules you cited; now I use these rules:
VLAN1
allow all traffic incoming from vlan control [vlan10]
block all traffic from other vlans [ ! vlan1]
allow all traffic incoming [to wan and beyond]
It works how I think it should be; thx
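The rule order listed in Reply #2, as an added example (not code from the thread or from OPNsense): a small Python model of top-down, first-match rule evaluation, showing why the block rule has to sit above the final allow-all rule. The subnets, the source-only matching and the names `RULES`, `evaluate` and `verdicts` are assumptions made for illustration.

```python
import ipaddress

# Assumed subnets, constructed for this example (the thread gives no masks).
VLAN1 = ipaddress.ip_network("10.1.0.0/24")
VLAN10_CONTROL = ipaddress.ip_network("10.10.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source network, negate the source match, description), top-down.
# Only the source is matched here; destination matching is left out.
RULES = [
    ("pass", VLAN10_CONTROL, False, "allow from control VLAN [vlan10]"),
    ("block", VLAN1, True, "block sources that are not VLAN1 [! vlan1]"),
    ("pass", ANY, False, "allow everything else"),
]

# Constructed sample sources, one per case the rule set has to separate.
SAMPLES = {
    "control_host": "10.10.0.5",
    "other_vlan_host": "10.40.0.253",
    "vlan1_host": "10.1.0.20",
}


def evaluate(rules, src, default="block"):
    """Return (action, description) of the first rule whose source matches."""
    addr = ipaddress.ip_address(src)
    for action, net, negate, desc in rules:
        if (addr in net) != negate:  # negate=True means "source NOT in net"
            return action, desc
    return default, "no rule matched"


def verdicts(rules):
    """Map each constructed sample source to the action the rule list yields."""
    return {name: evaluate(rules, ip)[0] for name, ip in SAMPLES.items()}


# Same rules with the allow-all moved to the top: it matches first, so the
# block rule below it is never reached and isolation is lost.
MISORDERED = [RULES[2], RULES[0], RULES[1]]

if __name__ == "__main__":
    for label, rules in (("ordered", RULES), ("misordered", MISORDERED)):
        print(label, verdicts(rules))
```
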