Hello. I have a Protectli 4 port and configured interfaces at initial opnsense CLI install. I've tried searching around for similar questions but nothing that I've found seems to be working. I'd like to communicate between interfaces and I'm having a tough time getting it working. For starters, I want to be able to connect to machines on an OPT interface (LAB) from computers on my LAN interface. I've tried various any anys in and out on both interfaces to no avail... Thanks for any assistance.
Keep in mind that the OPT interface will default to no communication allowed. This means that if you wish to use DHCP, DNS, etc, you'll have to add rules to allow the OPT subnet to have access to the appropriate OPNSense ports.
> The default rules should allow you to do this with no changes. LAN has access to everything.

I believe a rule is needed on every new network created by the addition of a new interface. LAN doesn't get access to them by default and this is what the OP needs.

On OPT interface you need a rule:
Action: pass
Interface : OPT
Direction : in
TCP and Protocol : to your needs
Source: LAN net
Destination: OPT net
Quote from: CJ on November 05, 2023, 03:48:28 pm
> Keep in mind that the OPT interface will default to no communication allowed. This means that if you wish to use DHCP, DNS, etc, you'll have to add rules to allow the OPT subnet to have access to the appropriate OPNSense ports.

That is incorrect: The default automatic rules will allow DNS, DHCP, IPv6 RFC4890 requirements, CARP defaults, and even allow outgoing traffic to WAN. Some other rules for Crowdsec and virusprot are there as well if the services are enabled (likewise with DHCP). For me, there were 20 automatic rules. Also, applicable floating rules will match. You can check this in the automatic and floating rules section for the interface.

But, there are no NAT rules and nothing else, like inter-VLAN traffic. This is enabled by a default initial rule on the LAN interface, which is missing from all other newly created interfaces.
Quote from: cookiemonster on November 05, 2023, 11:43:00 pm
> > The default rules should allow you to do this with no changes. LAN has access to everything.
>
> I believe a rule is needed on every new network created by the addition of a new interface. LAN doesn't get access to them by default and this is what the OP needs.
>
> On OPT interface you need a rule:
> Action: pass
> Interface : OPT
> Direction : in
> TCP and Protocol : to your needs
> Source: LAN net
> Destination: OPT net

The default LAN rule allows access to any/any from LAN. Why would that not work to connect to a different interface?