Topic: Block access to private network on WAN interface
ulus
« on: March 13, 2017, 03:17:00 pm »
Hello,
Our config is:
[ SWITCH ISP] <-> [IPCop] <-> GREEN LAN <-> [OPNSense] <-> RED LAN
What I would like to achieve is to deny access from RED to GREEN, except IPCop (GATEWAY to internet).
I can access servers in GREEN which I want to prohibit. I can't use VLAN.
Your help is greatly appreciated.
Regards
ulus
guest15389
« Reply #1 on: March 13, 2017, 03:26:14 pm »
Not sure why you have multiple firewalls as you are going to hit double NAT scenarios.
If I'm understanding your description, your "GREEN" side is the WAN side on OPNSense and "RED" is the LAN side.
The default rule is allow Red to Green.
You can just remove this rule, but not sure what the goal is.
You could also add a rule that allows just to the IP of the IPCop interface, but that wouldn't allow Internet access as traffic flows through for that.
You can also block just the internal "GREEN" Server IPs and drop that if you want to allow everything else but that through.
ulus
« Reply #2 on: March 13, 2017, 09:00:54 pm »
IPCop is a workaround because at the time of installation pfsense didn't support the lan cards.
Goal is internet access from RED (single PC) without access to GREEN.
Green is the common company LAN (~50 hosts).
Customer wants a single workplace/desktop for unrestricted access to internet without access to LAN hosts.
We know this is not a usual case. A redesign needs more time to prepare.
guest15389
« Reply #3 on: March 13, 2017, 09:06:03 pm »
You should be able to do one block rule that stops the RED Network from access to the GREEN and just leave the allow all after it.
Without knowing the IP/Networks, it's hard to say exactly what the rule would be.
Example:
RED: 192.168.1.0/24
GREEN: 192.168.2.0/24
Block Source: 192.168.1.0/24 to Destination: 192.168.2.0/24
Allow all * * like the rule I have listed.
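Added example, not part of the thread: a small first-match evaluator that walks the two rules from Reply #3 in order and shows why the block must sit above the allow-all. It assumes rules are evaluated top to bottom with the first match winning; the IPCop address 192.168.2.1 and the host addresses are constructed for illustration.

```python
"""First-match evaluation of the LAN (RED) rules suggested in Reply #3."""
from ipaddress import ip_address, ip_network

RED = ip_network("192.168.1.0/24")      # example network from Reply #3
GREEN = ip_network("192.168.2.0/24")    # example network from Reply #3
ANY = ip_network("0.0.0.0/0")
IPCOP = ip_network("192.168.2.1/32")    # hypothetical IPCop address in GREEN

# (action, source, destination), listed top to bottom as in the rule table
RULES = [
    ("block", RED, GREEN),
    ("pass", ANY, ANY),
]
# Variant: explicitly allow the gateway's own address before the block.
WITH_GATEWAY = [("pass", RED, IPCOP)] + RULES


def evaluate(rules, src, dst, default="block"):
    """Return the action of the first rule matching src -> dst."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return default


def report(rules):
    """Evaluate three constructed flows from one RED host."""
    pc = "192.168.1.50"  # constructed RED workstation
    return {
        "green_server": evaluate(rules, pc, "192.168.2.20"),
        "ipcop_itself": evaluate(rules, pc, "192.168.2.1"),
        # Routed internet traffic carries a public destination address,
        # not the gateway's, so the GREEN block does not match it.
        "internet": evaluate(rules, pc, "203.0.113.10"),
    }


if __name__ == "__main__":
    print("block first :", report(RULES))
    print("allow first :", report(list(reversed(RULES))))
    print("gateway pass:", report(WITH_GATEWAY))
```

With the two-rule set, traffic addressed to the IPCop address itself is also dropped, so anything the RED PC needs from that address directly requires the extra pass rule above the block.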