Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Block internet access from VLAN. But whats the right way to do it?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Block internet access from VLAN. But whats the right way to do it? (Read 792 times)
mvdheijkant
Newbie
Posts: 29
Karma: 1
Block internet access from VLAN. But whats the right way to do it?
«
on:
May 10, 2024, 08:01:25 pm »
I'm using several VLAN's that all have access to the internet, it's own VLAN and DNS on LAN, but nothing else on the network. See GUEST VLAN.jpg.
I think this looks fine.
My problem is with the camera network that I also don't want to give internet access.
Despite trying all kind of rules, I did not get a good result at first.
Except when adding the blocking rule on top of the others that is shown on the CAM VLAN.jpg.
What can I say, it works but i have the feeling its a bit of a novice solution.
The DNS access can also be obsoleted I gather.
Can you help me, or show me your solutions for this problem?
Thanks.
«
Last Edit: May 10, 2024, 08:54:09 pm by mvdheijkant
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6853
Karma: 575
Re: Block internet access from VLAN. But whats the right way to do it?
«
Reply #1 on:
May 10, 2024, 09:29:00 pm »
What is the network good for if it doesn't have access to anything?
Anyway with no rule at all you will probably achieve that result. DHCP will still work because there are automatic rules for that, but nothing else will.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Brink7564
Newbie
Posts: 12
Karma: 1
Re: Block internet access from VLAN. But whats the right way to do it?
«
Reply #2 on:
May 11, 2024, 12:01:14 am »
I think they mean they only want to access the network locally.
If that's the case, you'd have to create rules on the interface(s) which should have access to the camera network. I suppose something like this:
Interface: LAN (or whichever VLAN you want to access the camera network from)
Protocol: TCP/UDP (or just TCP or UDP, depending on your needs)
Source: LAN net
Destination: IP(s) of the camera, OR the camera network net for simplicity (e.g.
CAM VLAN net
)
Destination port range: any (if you know the ports your cameras need then use those. If e.g. you simply want to access a web portal to your cameras, use 80 or 443 depending on encryption or not)
I believe you don't need to configure any firewall rules on the CAM VLAN interface.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Block internet access from VLAN. But whats the right way to do it?