Creating isolated NIC
-
Hi,
Following on from this thread (https://forum.netgate.com/topic/160866/dangers-of-upnp?_=1613582533951), I am trying to create a 'dirty NIC', which I will then attach an AP to. I want this NIC to have full WAN access, but no access to the existing LAN or WIFI interfaces (or networks).
I tried creating a rule from badwifi interface of :
IPV4*
Source: Badwifi-net
Destination: WAN-net
With any port, but I fail to get a response from 8.8.8.8. If I create a rule with:
IPV4*
Source: Badwifi-net
Destination: Any
With any port, it works fine (i.e. I get a response from 8.8.8.8). The problem with the second rule, though, is that devices on badwifi-net can get to LAN and WIFI addresses.
What am I doing wrong, please? I just want badwifi-net to be able to get to Internet resources (including 8.8.8.8) but no resources on LAN/WIFI. I then plan to enable UPnP on badwifi-net for my son's Xbox.
Thanks in advance.
-
"Destination: WAN-net" allows access to that subnet only, and you're trying to get to "the world." I would add a rule above the "Destination: Any" one that blocks from Badwifi-net to LAN, and Badwifi-net to WIFI.
-
Yeah you need at least two rules, so for example:
Deny Badwifi-net to LANnet
Pass Badwifi-net to any
But you probably actually want:
Pass Badwifi-net to Badwifi-address UDP port 53 (allow DNS)
Deny Badwifi-net to 'This Firewall'
Deny Badwifi-net to LANnet
Pass Badwifi-net to any
Steve
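The thread turns on pfSense's first-match rule evaluation: the "WAN-net" rule never matches 8.8.8.8 (it is not in the WAN subnet), the bare "pass to any" rule matches LAN traffic too, and the ordered set above works only because the deny rules sit before the pass. The following is an added illustration, not code from the thread or from pfSense; it replays that logic over the rule sets discussed, with constructed subnets and addresses standing in for whatever the real box uses, and adds the WIFI deny the first reply asked for.

```python
"""First-match simulation of the pfSense rule sets discussed in this thread."""
import ipaddress as ip

# Constructed subnets and firewall addresses; substitute the real ones.
BADWIFI_NET = ip.ip_network("192.168.30.0/24")
LAN_NET = ip.ip_network("192.168.1.0/24")
WIFI_NET = ip.ip_network("192.168.2.0/24")
WAN_NET = ip.ip_network("203.0.113.0/24")        # the WAN subnet only, not "the world"
ANY = ip.ip_network("0.0.0.0/0")
BADWIFI_ADDRESS = ip.ip_address("192.168.30.1")  # firewall's address on badwifi
# The built-in 'This Firewall' alias: every address the firewall itself holds.
THIS_FIREWALL = {BADWIFI_ADDRESS, ip.ip_address("192.168.1.1"),
                 ip.ip_address("192.168.2.1"), ip.ip_address("203.0.113.2")}

# A rule is (action, source, destination, protocol, destination port).
# Destination may be a network or a set of addresses; "any" matches anything.
FIRST_ATTEMPT = [("pass", BADWIFI_NET, WAN_NET, "any", "any")]
SECOND_ATTEMPT = [("pass", BADWIFI_NET, ANY, "any", "any")]
ORDERED_RULES = [
    ("pass", BADWIFI_NET, {BADWIFI_ADDRESS}, "udp", 53),   # DNS to the firewall only
    ("block", BADWIFI_NET, THIS_FIREWALL, "any", "any"),   # no other access to the box
    ("block", BADWIFI_NET, LAN_NET, "any", "any"),
    ("block", BADWIFI_NET, WIFI_NET, "any", "any"),
    ("pass", BADWIFI_NET, ANY, "any", "any"),              # everything else: Internet
]

def evaluate(rules, src, dst, proto="tcp", dport=443):
    """Return the action of the first matching rule; pfSense blocks by default."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_sel, r_proto, r_port in rules:
        if src not in src_net or dst not in dst_sel:
            continue
        if r_proto not in ("any", proto) or r_port not in ("any", dport):
            continue
        return action
    return "block"  # implicit default deny

if __name__ == "__main__":
    client = "192.168.30.50"
    print("WAN-net rule, 8.8.8.8:", evaluate(FIRST_ATTEMPT, client, "8.8.8.8"))
    print("any rule, LAN host:   ", evaluate(SECOND_ATTEMPT, client, "192.168.1.20"))
    for dst, proto, port in [("8.8.8.8", "udp", 53), ("192.168.1.20", "tcp", 445),
                             ("192.168.30.1", "udp", 53), ("192.168.30.1", "tcp", 443)]:
        print(f"ordered rules, {dst} {proto}/{port}:",
              evaluate(ORDERED_RULES, client, dst, proto, port))
```

Swapping the final "pass to any" above the deny rules makes the LAN reachable again, which is the ordering mistake the replies are guarding against.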
-
Great thanks all.