One way access between two subnets
-
I have a 1 and 10 subnet. They both work fine, but I would now like to restrict some access. My 10 subnet is for IoT and guests. I don't want them to have access to the 1 subnet at all. Additionally I want anyone on the 1 subnet to have full access to the 10 subnet.
I was able to block access to a specific address 192.168.1.1 (the router) with a rule, I then added a pass rule on the 10 subnet that says: for IPv4, any source, any port, Destination !LAN net. I thought this would only pass traffic out that is not headed to my LAN (subnet 1). But it doesn't seem to do anything. I can easily get to my file server, which is what I don't want.
Do I need to add a block, any, any, destination 192.168.1.0/24? I kind of thought that is what the previous one did.
thanks,
david -
1) Clear your states after you make a rule change. Existing states will continue to function even if blocked by rule.
2) Post up a screenshot of your rules so we can see what you're really doing.
3) Try to avoid using negate operators. If you don't want them to access your LAN, put a block right at the top to prevent it.
-
Here is what it looks like today:
It does block 192.168.1.1, but that is all. If I change the last rule to block everything to the LAN net, then nothing works. I can't even ping my DNS.
thanks for the quick response
-
Change your block rule from 192.168.1.1 to LAN network and change the protocol from IPv4 TCP to any. Move it under your Plex rule. Change your last access rule from ! LAN net to *. Done.
-
thank you!
I never tried both of those changes.
david
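The three rulesets discussed in this thread (the original with the "! LAN net" pass rule, the attempt that replaced the last rule with a block, and the fix suggested above) can be walked through with a small first-match simulator. This is an added example, not pfSense code and not something posted in the thread; the 192.168.1.50 Plex address, the 192.168.1.20 file server and the 8.8.8.8 DNS flow are constructed values, and the state-table shortcut models the "clear your states" advice in simplified form.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed addresses for the thread's "1" subnet (LAN). The Plex and
# file-server hosts are hypothetical; the thread only names the router.
LAN_NET = ip_network("192.168.1.0/24")
ROUTER = ip_address("192.168.1.1")
PLEX_SERVER = ip_address("192.168.1.50")
FILE_SERVER = ip_address("192.168.1.20")
PLEX_PORT = 32400


@dataclass
class Rule:
    action: str                      # "pass" or "block"
    proto: str = "any"               # "any", "tcp", "udp" or "icmp"
    dst: object = None               # IPv4Address, IPv4Network or None (= any)
    negate: bool = False             # True models the "! LAN net" operator
    dport: Optional[int] = None      # destination port, None = any

    def matches(self, proto, dst_ip, dport):
        if self.proto != "any" and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        if self.dst is None:
            return True
        if isinstance(self.dst, IPv4Network):
            hit = dst_ip in self.dst
        else:
            hit = dst_ip == self.dst
        # A negated destination matches exactly when the plain one would not.
        return (not hit) if self.negate else hit


def evaluate(rules, proto, dst_ip, dport=None, states=()):
    """First-match evaluation of an interface ruleset, pfSense style.

    An existing state entry short-circuits the rules entirely (which is why
    a rule change seems to do nothing until states are cleared), and a flow
    that matches no rule is blocked by the default deny.
    """
    if (proto, dst_ip, dport) in states:
        return "pass (existing state)"
    for rule in rules:
        if rule.matches(proto, dst_ip, dport):
            return rule.action
    return "block (default deny)"


# Ruleset as first described in the question: a TCP-only block of the
# router, a pass to Plex, then a pass to anything that is not the LAN.
ORIGINAL = [
    Rule("block", "tcp", ROUTER),
    Rule("pass", "tcp", PLEX_SERVER, dport=PLEX_PORT),
    Rule("pass", "any", LAN_NET, negate=True),
]

# The follow-up attempt: last rule changed to a block of the LAN net, so
# no pass rule is left for internet-bound traffic at all.
TOO_STRICT = [
    Rule("block", "tcp", ROUTER),
    Rule("pass", "tcp", PLEX_SERVER, dport=PLEX_PORT),
    Rule("block", "any", LAN_NET),
]

# The suggested fix: Plex pass first, then an any-protocol block of the
# whole LAN network, then a plain pass-any for everything else.
FIXED = [
    Rule("pass", "tcp", PLEX_SERVER, dport=PLEX_PORT),
    Rule("block", "any", LAN_NET),
    Rule("pass"),
]

# Constructed sample flows from a host on the IoT/guest subnet.
FLOWS = {
    "ping router": ("icmp", ROUTER, None),
    "smb to file server": ("tcp", FILE_SERVER, 445),
    "plex": ("tcp", PLEX_SERVER, PLEX_PORT),
    "dns to internet": ("udp", ip_address("8.8.8.8"), 53),
}


def check(rules, states=()):
    """Return {flow name: verdict} for every sample flow under a ruleset."""
    return {name: evaluate(rules, *flow, states=states) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    # A stale SMB state left over from before the rule change.
    stale = {("tcp", FILE_SERVER, 445)}
    for label, rules in (("original", ORIGINAL), ("too strict", TOO_STRICT), ("fixed", FIXED)):
        print(label, check(rules))
    print("original with stale state", check(ORIGINAL, states=stale))
```

Running it shows the three situations from the thread side by side: under the original rules the file-server flow is only reachable through the stale state, the "too strict" variant blocks the internet DNS flow because nothing passes it, and the fixed ordering blocks the router and file server while still passing Plex and outbound traffic.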