need help with firewall block rule for guest VLAN

wgstarks

Devices are unable to get internet access on my guest network and I've narrowed the problem down to my firewall admin block rule. My intent is to allow access to DHCP, DNS, etc and only block admin access.

Current rules-
Screen Shot 2022-02-09 at 9.03.31 PM.png

ADMIN_PORTS alias-
Screen Shot 2022-02-09 at 9.04.56 PM.png

If I disable the Admin Block rule devices have internet access. What do I need to change?

wgstarks

I'm an idiot.
After posting I realized it's not the admin block rule I was disabling. It's the LOCAL_SUBNETS block rule. I've changed the title accordingly.

I want to set this up to block access to other subnets from the guest network but the current one seems to be blocking traffic to WAN.

LOCAL_SUBNETS alias-
Screen Shot 2022-02-09 at 9.28.15 PM.png

A Former User

@wgstarks ok, look at this example:

as shown here before block RFC you must place your rule of what you want to allow.

then what you want to block and finally step to everything.

do you understand me?

wgstarks

@silence
I think I understand but still can't seem to get it to work. I setup a pass rule for WAN but still no internet access.

Screen Shot 2022-02-09 at 10.04.00 PM.png

A Former User

@wgstarks said in need help with firewall block rule for guest VLAN:

I think I understand but still can't seem to get it to work. I setup a pass rule for WAN but still no internet access.

nooo, please remove this rule.

Remove this from your alias here is your problem.

wgstarks

@silence said in need help with firewall block rule for guest VLAN:

@wgstarks said in need help with firewall block rule for guest VLAN:

I think I understand but still can't seem to get it to work. I setup a pass rule for WAN but still no internet access.

nooo, please remove this rule.

Remove this from your alias here is your problem.

Like I said before, I'm an idiot. I really should have seen that right off. Glad you did. Thanks for the help.

A Former User

@wgstarks said in need help with firewall block rule for guest VLAN:

Thanks for the help.

Do not forget to like the comment that helps you please.

wgstarks

@silence
Tried to like it twice but I guess that's not allowed.

A Former User

@wgstarks said in need help with firewall block rule for guest VLAN:

Tried to like it twice but I guess that's not allowed.

Please click here.

johnpoz

@wgstarks said in need help with firewall block rule for guest VLAN:

I setup a pass rule for WAN but still no internet access.

Wan net is just that the specific network attached to your wan, lets say 1.2.3.0/24 if that is the network your isp or you assigned to your "wan net" that would not be say googledns at 8.8.8.8 or www.netgate.com or any other "internet' IP it would just be your actual wan net.

btw @Silence that little plus sign is to follow you, not give you a rep point via "liking" your post..

And no you can not like something more than once ;)