Problem with firewall aliases

Started by z_bih, Today at 05:41:14 PM

Hi,

I want to isolate my LAN and OPT1 networks so they cannot access each other. I have tried some configurations, but it doesn't work as expected.

Can someone explain how to set this up correctly?
Right now it only works when I use the 10.0.0.0/24 IP range, but if I add an additional IP address range, I lose my internet connection.

Just to mention, I am a newbie to OPNsense.

Because of the image upload limit, I can't show it, but OPT1 has the same firewall rule setup.



 

Set up OPT1 Interface with IP range different from LAN, including DHCP, DNS and outbound NAT.

Create a FW rule on LAN to block traffic to the OPT1 network and vice versa. Done.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Just as a note, in your example ruleset you don't need the negated address in the pass rule, since you already blocked traffic to that destination. Technically you don't need the source address in the block rule, but you might wish to differentiate based on specified parameters. I do that quite a bit for logging (really, log viewing) purposes.
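The rule-order point in the reply above, as an added example that is not part of the original posts: a small first-match evaluator showing that the negated destination in the pass rule changes nothing once the block rule sits above it, and that reversing the order defeats the isolation. The OPT1 range `10.0.1.0/24`, the sample packets, and the simplified model (first matching rule wins, no match means block) are assumptions; only `10.0.0.0/24` comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.0.0.0/24")   # range mentioned in the thread
OPT1 = ipaddress.ip_network("10.0.1.0/24")  # assumed; the thread does not give OPT1's range
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    negate_dst: bool = False         # True models a "!OPT1 net" destination

    def matches(self, src, dst):
        dst_hit = (dst in self.dst) != self.negate_dst
        return src in self.src and dst_hit


def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match means block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "block"


BLOCK_OPT1 = Rule("block", LAN, OPT1)
# Rulesets for the LAN interface, top to bottom.
WITH_NEGATION = [BLOCK_OPT1, Rule("pass", LAN, OPT1, negate_dst=True)]
WITHOUT_NEGATION = [BLOCK_OPT1, Rule("pass", LAN, ANY)]
BLOCK_ANY_SOURCE = [Rule("block", ANY, OPT1), Rule("pass", LAN, ANY)]
PASS_FIRST = [Rule("pass", LAN, ANY), BLOCK_OPT1]  # wrong order: block never fires

# Constructed sample packets, all arriving on LAN: (source, destination).
PACKETS = [
    ("10.0.0.50", "10.0.1.20"),   # LAN host -> OPT1 host
    ("10.0.0.50", "192.0.2.10"),  # LAN host -> internet (documentation range)
    ("10.0.0.50", "10.0.0.1"),    # LAN host -> address inside LAN
]


def verdicts(rules):
    return [evaluate(rules, s, d) for s, d in PACKETS]


if __name__ == "__main__":
    for name in ("WITH_NEGATION", "WITHOUT_NEGATION", "BLOCK_ANY_SOURCE", "PASS_FIRST"):
        print(f"{name:17} {verdicts(globals()[name])}")
```
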

Today at 08:36:38 PM #3 Last Edit: Today at 08:38:29 PM by z_bih
Thanks for your help! I realized I forgot to create an extra rule to allow DNS (port 53).