<SOLVED> Rules to access internet with multiple VLANs and IPv6
Topic: <SOLVED> Rules to access internet with multiple VLANs and IPv6 (Read 3332 times)
Lowrider614 (Newbie, Posts: 8, Karma: 0)
<SOLVED> Rules to access internet with multiple VLANs and IPv6
« on: March 09, 2023, 01:04:33 pm »
Hello,
I just switched from Sophos UTM to OPNSense so I am still new to OPNSense.
I would like to understand what is best practice to create firewall rules in OPNSense in the following scenario.
One WAN interface
Four VLANs to separate my network
IPv4 and IPv6 enabled and running on all interfaces and (sub)nets
Target:
Allow internet access from the different internal subnets to the internet without allowing inter VLAN traffic.
Have as few firewall rules as possible for that.
In Sophos there is an object called "Internet" that you can use instead of "any" and by changing the standard Any -> any rule it is achieved what I want.
After reading through here
https://forum.opnsense.org/index.php?topic=28447
I guess it's not that easy in OPNsense.
Hoping for tips and already thanking you in advance,
Tim
« Last Edit: March 29, 2023, 09:25:53 pm by Lowrider614 »

Wirehead (Newbie, Posts: 31, Karma: 3)
Re: Rules to access internet with multiple VLANs and IPv6
« Reply #1 on: March 09, 2023, 07:36:59 pm »
For IPv4 on one of those "private" subnets, that should not talk to other "private" subnets, I have a rule with a negated destination (e.g. !rfc1918). It basically says "allow to all, except private ipv4 addresses"
For IPv6 "private" subnets, that should not talk to other "private" ipv6 subnets, I have a rule that allows to "*" (=anything), but in the GW, I put my WAN_GWv6.
That seems to do the trick
If anyone has a better idea, do chime in
Logged
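An added example, not part of the original posts: a simplified Python model of the two rules described in Reply #1, showing why each one keeps traffic from a VLAN off the other VLANs. The VLAN names, the 2001:db8 prefixes and the `evaluate` helper are constructed assumptions; this is not OPNsense or pf code.

```python
import ipaddress

# Contents of the "rfc1918" alias that the IPv4 rule negates.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addressing for two VLANs (assumption, not from the thread).
VLANS = {
    "vlan10": ["192.168.10.0/24", "2001:db8:0:10::/64"],
    "vlan20": ["192.168.20.0/24", "2001:db8:0:20::/64"],
}
VLAN_NETS = {name: [ipaddress.ip_network(n) for n in nets]
             for name, nets in VLANS.items()}


def in_any(addr, nets):
    """True if addr falls inside one of nets (same address family only)."""
    return any(addr.version == n.version and addr in n for n in nets)


def routed_egress(dst):
    """Interface the routing table alone would pick for dst."""
    for name, nets in VLAN_NETS.items():
        if in_any(dst, nets):
            return name
    return "WAN"


def evaluate(dst_text, v6_gateway_set=True):
    """Return (action, egress) for a packet entering on a VLAN interface.

    Rule 1: pass IPv4 to !rfc1918 (gateway: default).
    Rule 2: pass IPv6 to any, gateway WAN_GWv6 when v6_gateway_set is True.
    Anything unmatched hits the default deny.
    """
    dst = ipaddress.ip_address(dst_text)
    if dst.version == 4:
        if in_any(dst, RFC1918):
            return ("block", None)           # negated alias: rule 1 does not match
        return ("pass", routed_egress(dst))
    if v6_gateway_set:
        return ("pass", "WAN")               # policy routing overrides the routing table
    return ("pass", routed_egress(dst))      # plain allow-any: other VLANs reachable


if __name__ == "__main__":
    for d in ("1.1.1.1", "192.168.20.5", "2001:db8:0:20::5"):
        print(d, evaluate(d), evaluate(d, v6_gateway_set=False))
```

In this model an address on the client's own VLAN, such as the firewall's interface address, also falls inside rfc1918, so rule 1 alone does not pass traffic to it.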

Lowrider614 (Newbie, Posts: 8, Karma: 0)
Re: Rules to access internet with multiple VLANs and IPv6
« Reply #2 on: March 10, 2023, 10:03:09 pm »
Thanks, sounds like a good idea. I will give it a try.
One question: Why not make the same approach for IPv4? Shouldn't it work the same way?
I just like to keep things simple, so having the same scheme for IPv4 and IPv6 will allow my stupid brain to realize quickly in a couple of months why I did that this way.

Lowrider614 (Newbie, Posts: 8, Karma: 0)
Re: Rules to access internet with multiple VLANs and IPv6
« Reply #3 on: March 29, 2023, 09:25:24 pm »
This solution works.
Thanks!

shudut (Newbie, Posts: 1, Karma: 0)
Re: <SOLVED> Rules to access internet with multiple VLANs and IPv6
« Reply #4 on: October 25, 2023, 07:31:58 pm »
Hi,
Could you also tell me the Firewall Rule for VLANs to access Internet?
Currently my host machines get allocated a VLAN 10 IP address through DHCP, 192.168.10.x (using VLAN tagging in a TP-Link switch), but these machines are not able to access the Internet.
My VLAN interface is built on the LAN parent, which leads to a question: should I change it to WAN?
Any leads would be highly appreciated.

Patrick M. Hausen (Hero Member, Posts: 6807, Karma: 572)
Re: <SOLVED> Rules to access internet with multiple VLANs and IPv6
« Reply #5 on: October 25, 2023, 07:40:20 pm »
I proposed an alternative approach for IPv6 here:
https://forum.opnsense.org/index.php?topic=28447.msg138309#msg138309
HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)