another set of "How to" questions

Started by P01, November 18, 2024, 10:23:09 PM

I'm looking to move from pfSense to OPNsense and trying to reproduce my pfSense setup. Here are my initial goals and where I'm getting stuck and need help. On pfSense I have three interfaces: WAN, LAN and LAN2. LAN and LAN2 are firewalled off from each other. On LAN2 I have streaming devices and WiFi that I want isolated from the LAN interface. On LAN we have our desktops, printer, NAS and cams, and would like the cams, printer and NAS restricted from internet access.

I don't know if this is a best practice, and unlike pfSense I set up a floating FW rule on OPNsense which blocks pings from LAN2 to LAN, but not both ways as in pfSense, but I could live with that if that's how it is. On the LAN interface I want to block access for certain devices, but I can't find any examples of blocking a range of IPs for cams and/or individual IPs such as for the printer and our NAS. How do I block a static IP or an IP range from WAN access? Thanks in advance.

Create a deny rule with the IP or range of IPs as the source address, and place it before the allow rule for all other sources.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
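
A small model of the rule ordering described in the answer above, as an added example that is not part of any post in this thread. It assumes the LAN rules are evaluated top-down with the first match winning; the addresses, rule tuples and function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample addressing (assumptions, not taken from the thread).
CAM_RANGE = ("192.168.1.100", "192.168.1.120")
PRINTER, NAS = "192.168.1.50", "192.168.1.60"
LAN_NET = [ip.ip_network("192.168.1.0/24")]
ANY = [ip.ip_network("0.0.0.0/0")]


def nets(first, last=None):
    """Expand a single IP or an inclusive first-last range into CIDR networks."""
    a = ip.ip_address(first)
    b = ip.ip_address(last or first)
    return list(ip.summarize_address_range(a, b))


# Each rule: (action, source networks, destination networks).
BLOCK_CAMS = ("block", nets(*CAM_RANGE), ANY)
BLOCK_PRINTER = ("block", nets(PRINTER), ANY)
BLOCK_NAS = ("block", nets(NAS), ANY)
ALLOW_LAN = ("pass", LAN_NET, ANY)

# Deny rules above the general allow rule, as the answer recommends.
GOOD_ORDER = [BLOCK_CAMS, BLOCK_PRINTER, BLOCK_NAS, ALLOW_LAN]
# Same rules, but the allow rule matches first and shadows every deny.
BAD_ORDER = [ALLOW_LAN, BLOCK_CAMS, BLOCK_PRINTER, BLOCK_NAS]


def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match means block."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_nets, dst_nets in rules:
        if any(s in n for n in src_nets) and any(d in n for n in dst_nets):
            return action
    return "block"


def shadowed(rules, hosts, dst="203.0.113.10"):
    """List hosts that are meant to be blocked but still get a 'pass'."""
    return [h for h in hosts if evaluate(rules, h, dst) == "pass"]


if __name__ == "__main__":
    restricted = [CAM_RANGE[0], CAM_RANGE[1], PRINTER, NAS]
    print("good order leaks:", shadowed(GOOD_ORDER, restricted))
    print("bad order leaks: ", shadowed(BAD_ORDER, restricted))
```

The `shadowed` check is useful after any rule reorder: every restricted address should come back empty, including both ends of the camera range.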

Thank you, I think it might be working. I'll test again tomorrow.

Just out of curiosity, pick a device (machine-A) on LAN2 that is not supposed to be able to ping LAN.

If you "statically" assign "machine-A" an IP address from the LAN subnet, then "machine-A" will most likely be able to ping LAN from LAN2.

If this is not the behavior you want then you will need to add VLANs and possibly L2 switches depending on your topology.