Author Topic: Firewall-Question: Block a complete Network except WAN and mysql  (Read 1506 times)

ruggerio

« on: September 04, 2018, 12:35:49 pm »
I recently installed a container (192.168.9.0/24) on a host machine (192.168.1.0/24) as a web and mail server. The server uses MySQL on the host machine, so it needs a remote connection.

Firewall rules I assumed:

Network Container network:

In: From WAN to Web and Mail (incl. port forwarding) - works fine
Out: To specified Ports like DNS per default, IGMP

Host Network:
In: From Container Network, Port 3306, allow only from the Webserver itself

I know the rules are done from the top to the bottom, one by one, the first match decides.

But whatever I do, if there is no rule to allow any traffic from any source on the Network Container network interface, I get no MySQL requests on the host network. The firewall drops them.

My goal is to isolate the container network, and let just mysql-requests from the container to the host-network.

Thx,
Roger
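
Added example, not part of the original post: a simplified Python model of first-match rule evaluation, assuming rules are checked on the interface where a packet enters (OPNsense's default inbound direction) and unmatched traffic is dropped. The interface names and the two host addresses are constructed; the post gives only the two /24 networks and port 3306.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

CONTAINER_NET = ip_network("192.168.9.0/24")
HOST_NET = ip_network("192.168.1.0/24")
WEBSERVER = ip_network("192.168.9.10/32")   # constructed container address
MYSQL_HOST = ip_network("192.168.1.10/32")  # constructed host address
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: object                  # source network
    dst: object                  # destination network
    port: Optional[int] = None   # None means any destination port

    def matches(self, src, dst, port):
        return (ip_address(src) in self.src and ip_address(dst) in self.dst
                and self.port in (None, port))

def evaluate(ruleset, ingress_if, src, dst, port):
    """Walk the ingress interface's rules top to bottom; first match decides."""
    for rule in ruleset.get(ingress_if, []):
        if rule.matches(src, dst, port):
            return rule.action
    return "block"               # default deny when nothing matches

# Layout as posted: the MySQL pass rule sits on the host-network interface.
# A packet from the container never enters there, so the rule is never consulted.
AS_POSTED = {
    "CONTAINER": [Rule("pass", CONTAINER_NET, ANY, 53)],
    "HOST": [Rule("pass", WEBSERVER, MYSQL_HOST, 3306)],
}

# Same intent with the MySQL rule on the container interface, placed above
# the block rule that isolates the container network from the host network.
ISOLATED = {
    "CONTAINER": [
        Rule("pass", WEBSERVER, MYSQL_HOST, 3306),
        Rule("block", CONTAINER_NET, HOST_NET),
        Rule("pass", CONTAINER_NET, ANY, 53),
    ],
    "HOST": [],
}

def mysql_from_webserver(ruleset):
    """Verdict for webserver -> MySQL host on 3306, entering on CONTAINER."""
    return evaluate(ruleset, "CONTAINER", "192.168.9.10", "192.168.1.10", 3306)
```

In this model only the webserver's 3306 traffic reaches the host network; any other container address or port hits the block rule first.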
