Netgate Discussion Forum

    Best way to isolate an IP from everything BUT the internet

    • Derelict LAYER 8 Netgate

      You cannot do it in the switch there. mvneta0 is not part of the built-in switch. If you really want to use that OPT1 port, and don't want to hassle the VLAN or put a switch on it, then just change the assignment for OPT1 to mvneta0 instead of VLAN 320 on mvneta0 and it will start working.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • ice_mf_mike

        @Derelict:

        You cannot do it in the switch there. mvneta0 is not part of the built-in switch. If you really want to use that OPT1 port, and don't want to hassle the VLAN or put a switch on it, then just change the assignment for OPT1 to mvneta0 instead of VLAN 320 on mvneta0 and it will start working.

        OK, perfect. That worked. So let me ask you one last question. If I wanted to do this for one of my LAN ports, is that possible? Or is my best bet connecting a switch to the OPT1 port and using that for anything I want segmented from the rest of the network?

        Thanks again.

        • Derelict LAYER 8 Netgate

          You could tweak the switch into doing what you want by putting it in dot1q mode with VLAN 320 on mvneta0, then configuring the switch to be tagged on port 5 and untagged on one of the 4 edge ports.

          But if you're happy with how you have it, just connect OPT1 to a switch (managed or unmanaged) and connect all of the devices you want on that network to that switch.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.