One way access between two subnets



  • I have a 1 and 10 subnet.  They both work fine, but I would now like to restrict some access.  My 10 subnet is for IoT and Guests.  I don't want them to have access to the 1 subnet at all.  Additionally I want anyone on the 1 subnet to have full access to the 10 subnet.

    I was able to block access to a specific address 192.168.1.1 (the router) with a rule, I then added a pass rule on the 10 subnet that says: for IPv4, any source, any port, Destination !LAN net.  I thought this would only pass traffic out that is not headed to my LAN (subnet 1).  But it doesn't seem to do anything.  I can easily get to my file server, which is what I don't want.

    Do I need to add a block, any, any, destination 192.168.1.0/24?  I kind of thought that is what the previous one did.

    thanks,
    david



  • 1)  Clear your states after you make a rule change.  Existing states will continue to function even if blocked by rule.

    2)  Post up a screenshot of your rules so we can see what you're really doing.

    3)  Try to avoid using negate operators.  If you don't want them to access your LAN, put a block right at the top to prevent it.



  • Here is what it looks like today:

    It does block 192.168.1.1, but that is all.  If I change the last rule to block everything to the LAN net, then nothing works.  I can't even ping my DNS.

    thanks for the quick response



  • Change your block rule from 192.168.1.1 to LAN network and change the protocol from IPv4 TCP to any.  Move it under your Plex rule.  Change your last access rule from ! LAN net to *.  Done.
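To make the two points in the replies concrete (existing states keep passing after a rule change, and the block must sit above the general pass rule), here is an added Python model of first-match rule evaluation with a state table; it is example code written for this thread, not the forum's or any firewall's own code. It assumes pf-style semantics (first matching rule wins, an established state bypasses the rules, default deny), the thread's 192.168.1.0/24 LAN and a 192.168.10.0/24 guest subnet, and hypothetical hosts 192.168.1.20 (Plex) and 192.168.1.50 (file server).

```python
import ipaddress

# Addressing assumed from the thread: LAN is 192.168.1.0/24, IoT/guests are on 192.168.10.0/24.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
ROUTER = ipaddress.ip_network("192.168.1.1/32")
PLEX = ipaddress.ip_network("192.168.1.20/32")  # hypothetical Plex host on the LAN

def rule(action, proto="any", dst=ANY, dport=None, negate=False):
    return {"action": action, "proto": proto, "dst": dst, "dport": dport, "negate": negate}

class GuestInterface:
    """First-match rules on the guest interface, plus a pf-style state table (assumed semantics)."""
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def filter(self, proto, src, dst, dport):
        flow = (proto, src, dst, dport)
        if flow in self.states:          # an existing state is never re-checked against the rules
            return "pass (state)"
        dst_ip = ipaddress.ip_address(dst)
        for r in self.rules:             # first matching rule wins
            hit = dst_ip in r["dst"]
            if r["negate"]:
                hit = not hit
            if hit and r["proto"] in ("any", proto) and r["dport"] in (None, dport):
                if r["action"] == "pass":
                    self.states.add(flow)
                return r["action"]
        return "block"                   # implicit default deny when nothing matches

# Ruleset as described in the thread: block TCP to the router, pass Plex, pass to anything
# that is NOT LAN net. No rule passes LAN traffic, so only a stale state explains the access.
ORIGINAL = [rule("block", "tcp", ROUTER), rule("pass", "tcp", PLEX, 32400),
            rule("pass", dst=LAN_NET, negate=True)]
# The attempted fix: last rule becomes "block to LAN net", leaving no pass rule for the internet.
BLOCK_LAST = ORIGINAL[:2] + [rule("block", dst=LAN_NET)]
# The recommended order: pass Plex, block the whole LAN net for any protocol, then pass everything.
RECOMMENDED = [rule("pass", "tcp", PLEX, 32400), rule("block", dst=LAN_NET), rule("pass")]

def stale_state_demo(src="192.168.10.5", fileserver="192.168.1.50"):
    """A flow allowed under an old allow-all rule keeps passing after the change until states are cleared."""
    fw = GuestInterface([rule("pass")])
    fw.filter("tcp", src, fileserver, 445)          # state created under the old ruleset
    fw.rules = ORIGINAL                              # rules changed, states kept
    stale = fw.filter("tcp", src, fileserver, 445)
    fw.states.clear()                                # "clear your states"
    fresh = fw.filter("tcp", src, fileserver, 445)
    return stale, fresh
```

Any LAN service the guests must still reach (Plex here, or a DNS resolver on the LAN) needs its own pass rule above the block, since the block matches first for everything else in LAN net.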



  • thank you!

    I never tried both of those changes.

    david