Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
default deny rout blocking LAN+WLAN bridge
« previous
next »
Print
Pages: [
1
]
Author
Topic: default deny rout blocking LAN+WLAN bridge (Read 3929 times)
Raketenforscher
Newbie
Posts: 6
Karma: 0
default deny rout blocking LAN+WLAN bridge
«
on:
May 12, 2018, 11:57:32 am »
This is a translation of my post
https://forum.opnsense.org/index.php?topic=8675.msg38536
to increase the chance of support.
Hello everybody,
I'm the new guy. And I'm trying to switch from IPfire to OPNsense. One reason, among others, is the ability to configure network bridges via GUI in OPNsense.
I attempt to combine LAN and WIFI (WLAN) interfaces to a bridge, so I can use the bridge für DHCP, firewall rules etc. My config so far:
Interfaces
-----------
LAN
- enabled
- no IPv4 address
WLAN
- enabled
- Access Point Mode
- no IPv4 address
INTERN
- Bridge: LAN+WLAN
- IP-address 192.168.1.1/24
Assignments
- INTERN: bridge0 (LAN+WLAN)
- LAN: re0
- WAN: re1
- WLAN: run0_wlan1
DHCPv4
---------
INTERN
- enable
- Subnet 192.168.1.0/24
- Range 192.168.1.200 bis 192.168.1.250
LAN
- DHCPv4 was disabled during initial configuration, but suddenly disappeared totally from the DHCP section in the main menu. Thinking about it, I guess because I disabled the static IP adress lateron, maybe?
Static Mappings
- Notebook, cable:
-- IP 192.168.1.10
-- DNS 192.168.1.2+192.168.1.2 (Pi-Hole, local DNS-Server w/ static IP)
-- Gateway 192.168.1.1
- Tablet, WLAN
-- IP 192.168.1.20
-- rest same as Notebook
FIREWALL RULES
-------------------
INTERN
1) TCPv4, Source INTERN net, SourcePort *, Dest *, DestPort 80+443, GW *
2) UDPv4, Source INTERN net, SourcePort *, Dest *, DestPort 53, GW *
LAN
none, just Anti-Lockout Rule
WLAN
none
Now the problem:
Using the Notebook, I can access the internet with no problems.
Using the WIFI-Tablet, I can not. IP-Address, GW and DNS are correctly supplied by the DHCP Server. I can access the FW using IP 192.168.1.1, which is the static IP Address of the INTERN bridge (see above)
Trying to access other destinations, live view log reads as follows:
Interface WLAN - Source 192.168.1.20 - Dest 192.168.1.2:53 - Default Deny Route
Basically, I got the idea: The tablet 192.168.1.20 is trying to access the DNS-Server 192.168.1.2 via the interface WLAN, which has no rules defined, therefore being blocked by default deny rule.
But why does the tablet use the WLAN interface an not the INTERN bridge? That's why I created the bridge in the first place, so that all clients are in the same subnet, can communicate to each other freely, and I can define rules for both LAN+WLAN at the same time by using the INTERN bridge. Which would be pointless if I had to define rules for WLAN interface as well.
Logged
guest15389
Guest
Re: default deny rout blocking LAN+WLAN bridge
«
Reply #1 on:
May 14, 2018, 03:33:50 pm »
Check the last post here:
https://forum.opnsense.org/index.php?topic=2981.msg29374#msg29374
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
default deny rout blocking LAN+WLAN bridge