Need help understanding VLAN rules

Started by Minny Minny, July 10, 2022, 03:21:13 PM

My network has four VLANs, each represented by an interface on my OPNsense host - WAN, LAN, management (MGMT) and IoT - each with their own IP subnet.  The MGMT VLAN is for SNMP traffic, VM movement, accessing iLO/DRAC, etc.

My goal is to restrict anything originating from within MGMT or IoT VLANs from getting out, but to allow only my LAN-based hosts to initiate sessions with devices on the MGMT and IoT VLANs.

I have the default "LAN to anywhere" rules, but that doesn't seem to allow me to get into the management VLAN from my LAN-connected host.  And so I'm sure I'm just confused as to where I would put the rules for accessing the other VLANs from the LAN VLAN.  Would that be on the MGMT and IoT interfaces, or the LAN interface?  I've tried putting in rules for allowing traffic from LAN to MGMT (using both "in" and "out") on the MGMT interface, but I still can't ping or access any hosts.

Or is this a routing issue?  I was under the impression that OPNsense automatically knew routing between its own interfaces.

Might anyone be able to point me to something up to date on managing inter-VLAN traffic?  I've looked at a few blogs and such, but they seem to be for much older versions and the interface and rule management have changed over time.
Thanks!


July 11, 2022, 12:59:25 AM #1 Last Edit: July 11, 2022, 10:17:03 AM by Greelan
Edit: my bad, I shouldn't answer posts while doing 5 other things. xD Your LAN rule should allow access. What rules have you put on the MGMT interface?

Otherwise it could be a switch issue.

Quote from: Minny Minny on July 10, 2022, 03:21:13 PM


To get one VLAN to talk to another is too easy, IMO.

In your case: IoT network > management network = pass (any), done = works.
One rule will let the IoT hosts on the IoT network talk to that network;
should work with no real issues.

My issue is that everything or nothing gets internet; I cannot figure out WHY. How many rules do you need? One? One for each? The default is definitely not "block local", that's for sure, even if the IPs are weird.
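As an added illustration (not from this thread and not OPNsense's own generated configuration) of the point Greelan makes about the LAN rule being the one that matters, and of the one-pass-rule-per-interface idea in the last reply, here is the pf rule set that a policy like the original poster's boils down to. OPNsense builds its pf rules from the GUI, so this is for reading alongside the GUI, not for pasting in; the interface names and subnets are assumed.

```pf
# Assumed interface names and subnets; substitute your own.
wan  = "vtnet0"
lan  = "vtnet1"
mgmt = "vtnet1_vlan20"
iot  = "vtnet1_vlan30"
lan_net  = "192.168.1.0/24"
mgmt_net = "192.168.20.0/24"
iot_net  = "192.168.30.0/24"

set skip on lo0

# Rules are matched on the interface a packet ENTERS, in the "in" direction.
# A packet from a LAN host to an MGMT host is therefore evaluated against the
# LAN rules, never against the MGMT interface's rules, which only ever see
# packets that MGMT hosts themselves send.
# Default deny: whatever no later rule passes is dropped (and logged).
block in log all

# The stock "LAN to any" rule. "keep state" records the session, and that
# state entry is what lets the MGMT/IoT host's replies come back through,
# so no rule on the MGMT or IoT interface is needed for LAN-initiated traffic.
pass in quick on $lan inet from $lan_net to any keep state

# MGMT and IoT: no pass rule for sessions they initiate, so the block above
# applies to anything they start, whether towards LAN, each other or WAN.
# The one thing such segments usually still need is DNS from the firewall
# itself ("($mgmt)" means the firewall's own address on that interface);
# OPNsense adds DHCP rules automatically when its DHCP server is enabled.
pass in quick on $mgmt inet proto { tcp udp } from $mgmt_net to ($mgmt) port 53 keep state
pass in quick on $iot  inet proto { tcp udp } from $iot_net  to ($iot)  port 53 keep state
```

If the LAN-to-any rule is present and a ping from LAN to an MGMT host still fails, the firewall rules are usually not the cause: the MGMT host needs the OPNsense MGMT address as its default gateway (or at least a route back to the LAN subnet), the host's own firewall must accept the traffic, and the switch port facing OPNsense must carry the MGMT VLAN tag. The live firewall log, filtered on the MGMT host's address, shows whether the packets reach OPNsense at all and, if they do, which rule handled them.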