4 interfaces, 1 wan, 3 lans, 1 vpn

Started by tekgeek, September 28, 2018, 03:18:58 AM

September 28, 2018, 03:18:58 AM Last Edit: September 28, 2018, 04:38:10 AM by tekgeek
FIXED:
See 2nd post


So I'm trying to set up OPNsense with 3 LANs, a gateway, a VPN, and 4 physical interfaces.

| Interface | Role | Address | Devices |
|---|---|---|---|
| bce0 | WAN | DHCP from cable modem | will soon be upgrading to gigabit internet, currently just 300/75 |
| bce1 | LAN | 10.10.1.1/24 | TVs, Rokus, "Smart" devices, gaming devices, WIFI 1 |
| bce2 | PIA | 10.10.2.1/24 | Servers, Desktops, Laptops, Cell Phones, WIFI 2 |
| bce3 | MAN | 10.10.0.1/24 | Switches, IPMI (ILO, DRAC, BMC), UPCs, Tape Library |


I want every device accessible to every other device, but:
- The devices on the PIA LAN should only be able to access the internet via the PIA VPN
- LAN - WAN
- MAN - no internet access

I can get the interfaces configured and DHCP working on all the networks, but when it comes to the firewall I'm completely useless. I've been using pfSense guides and just general poking around to get this far. OPNsense's firewall is a lot different than pfSense's, and I've always just let the firewall do its own thing in the past with a simple 2-interface config (1 WAN, 1 LAN) with NAT.

So, starting with a factory reset and then the guided setup, here is what I've done:
- Added the 2 other interfaces and configured DHCP for them
- Copied/modified the default allow-all rules to all the LANs
- When that failed to allow a ping from one LAN to another, I tried adding allow rules in both directions on all LANs; still no ping

I haven't touched anything else. What should I do next? I can get internet on all LANs and can ping the other LAN interfaces, but I can't ping any clients in the LANs.



LAN : CAN reach the internet and ping the OPNsense MAN and PIA interfaces. CANNOT ping any computer on MAN or PIA

MAN : CAN reach the internet and ping the OPNsense LAN and PIA interfaces. CANNOT ping any computer on LAN or PIA

PIA : CAN reach the internet and ping the OPNsense LAN and MAN interfaces. CANNOT ping any computer on LAN or MAN

I feel like all my firewall rules are redundant except the copied default rule. What am I missing? I haven't had a more complicated setup than a Netgear or Linksys WiFi router, so I'm a bit out of my depth.

Current firewall rules:

Firewall: Rules: LAN

| Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|
| * | * | * | LAN Address | 443, 80 | * | | Anti-Lockout Rule |
| IPv4 * | LAN net | * | * | * | * | | Default allow LAN to any rule |
| IPv4 * | LAN net | * | PIA net | * | * | | |
| IPv4 * | PIA net | * | LAN net | * | * | | |
| IPv4 * | LAN net | * | MAN net | * | * | | |
| IPv4 * | MAN net | * | LAN net | * | * | | |

Firewall: Rules: PIA

| Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|
| IPv4 * | PIA net | * | * | * | * | | Default allow PIA to any rule |
| IPv4 * | PIA net | * | LAN net | * | Null4 | | |
| IPv4 * | LAN net | * | PIA net | * | Null4 | | |
| IPv4 * | PIA net | * | MAN net | * | * | | |
| IPv4 * | MAN net | * | PIA net | * | * | | |

Firewall: Rules: MAN

| Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|
| IPv4 * | MAN net | * | * | * | * | | Default allow WAN to any rule |
| IPv4 * | MAN net | * | LAN net | * | * | | |
| IPv4 * | LAN net | * | MAN net | * | * | | |
| IPv4 * | MAN net | * | PIA net | * | * | | |
| IPv4 * | PIA net | * | MAN net | * | * | | |

Firewall: Rules: WAN

| Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|
| * | RFC 1918 networks | * | * | * | * | | Block private networks |
| * | Reserved/not assigned by IANA | * | * | * | * | | Block bogon networks |
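The policy the post describes (all three internal networks reachable from each other, LAN out via the WAN, PIA only out through the VPN tunnel, MAN with no internet at all), written out directly in pf.conf syntax as an added illustration; this is not the poster's configuration and not what OPNsense generates from its GUI, where the same thing is done with a pass rule per interface and the Gateway column for the PIA rule. The tunnel interface name ovpnc1 and the <internal> table are assumptions.

```pf
# Interfaces and networks as listed in the post
wan = "bce0"
lan = "bce1"
pia = "bce2"
man = "bce3"
vpn = "ovpnc1"          # assumed: the PIA OpenVPN client tunnel interface

lan_net = "10.10.1.0/24"
pia_net = "10.10.2.0/24"
man_net = "10.10.0.0/24"
table <internal> const { 10.10.0.0/24, 10.10.1.0/24, 10.10.2.0/24 }

set skip on lo0
set state-policy floating   # one state follows the packet across every interface it crosses

# Outbound NAT: LAN hosts masquerade on the WAN, PIA hosts only on the tunnel.
# There is deliberately no NAT rule for MAN, so its traffic cannot leave for the
# internet even if a pass rule is added by mistake later.
nat on $wan from $lan_net to any -> ($wan)
nat on $vpn from $pia_net to any -> ($vpn)

# Default deny, logged, on every interface in both directions
block log all

# Anti-lockout: the web UI on the firewall itself stays reachable from the inside
pass in quick on { $lan $pia $man } proto tcp from <internal> to (self) port { 80 443 }

# "Every device accessible to each other": internal networks may reach one another
pass in quick on { $lan $pia $man } from <internal> to <internal>

# LAN: everything else follows the default route out the WAN
pass in quick on $lan from $lan_net to any

# PIA: anything that is not internal is policy-routed into the tunnel. If the tunnel
# is down no other pass rule matches, so the traffic is dropped instead of leaking
# out the WAN.
pass in quick on $pia route-to ($vpn) from $pia_net to ! <internal>

# MAN: only the two internal rules above match it, so MAN never reaches the internet.

# Forwarded packets and replies leave on whichever interface their state says;
# unsolicited inbound traffic on the WAN and the tunnel still hits "block log all".
pass out quick all
```

Because the inter-network rule passes traffic at the firewall, a host that still does not answer pings has a host firewall in the way, which is what the second post found.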

Never mind... It was the Windows firewall. I removed the extra firewall entries and everything works with the default pass-all entries.

Can I use a "floating" entry to allow all on all interfaces, then restrict things with deny entries? New to firewalls and networking; I could always get by with one subnet in the past. Adding PIA to the mix has complicated things.