Firewall Rules not working
-
Hello,
I have the setup below, allowing a single device access via the WAN gateway (non-VPN) and all others via the VPN gateway only. The issue is, my single device doesn't get an internet connection at all after this setup (please let me know if you need more information on the setup). My idea is to have a couple of devices go through the non-VPN gateway. How can I achieve this?
-
@yupq6wlc79ts Hey
See my rules
The order of the rules is important
I hope the picture will help you to understand how to do it -
Thank you for your reply, but can you please elaborate on your answer?
-
@yupq6wlc79ts said in Firewall Rules not working:
Thank you for your reply, but can you please elaborate on your answer?
I showed you an example of how you can implement what you need,
where part of the traffic goes to the tunnel and the rest uses the default gateway -
Looks somewhat similar to what I already did, trying to figure out what I did wrong there!
Also, it would have helped to understand "What you did".
-
@yupq6wlc79ts said in Firewall Rules not working:
Looks somewhat similar to what I already did, trying to figure out what I did wrong there!
Also, it would have helped to understand "What you did".
Can you explain what needs to be implemented?
What IP addresses should use the default gateway or use a VPN?
What traffic should not get into the tunnel?
What I see now from you is that all IPv4 traffic from LAN Net goes to the Internet through the NORDVPN gateway. -
Sure.
Can you explain what needs to be implemented?
I have three gateways:
WAN - Only 5 specific devices should go via WAN.
(Default Gateway) VPN-IPv4 - All devices should go via VPN IPv4.
VPN-IPv6 - Disabled
What IP addresses should use the default gateway or use a VPN?
All devices should use the default gateway VPN-IPv4, except 5 devices which I want to send via WAN.
What traffic should not get into the tunnel?
Not sure.
What I see now from you is that all IPv4 traffic from LAN Net goes to the Internet through the NORDVPN gateway.
Yes, that's correct, all IPv4 traffic goes from LAN Net to the Internet via NORDVPN. All I want now is that 5 specific devices should go directly to the Internet without VPN.
So I started with 1 example, 192.168.1.253, and selected WAN_DHCP as the gateway. I don't get any internet via this rule, so I disabled it for now (screenshot). How can I achieve this?
-
@yupq6wlc79ts
The rules for the 5 devices must come first,
and the last one should be the rule for NORDVPN -
-
@yupq6wlc79ts
I understand your problem.
NORDVPN - OPENVPN ? -
Yes, OpenVPN.
(sorry for late reply, since I am a new user with no reputation, I have to wait 120 seconds before I can reply, lol)
-
@yupq6wlc79ts
NordVpn Openvpn client setting
Check this option -
It wasn't checked. I checked it and tested the device by enabling the rule. No Internet on that device.
-
@yupq6wlc79ts
All right, now
check NAT / Outbound for the WAN interface.
-
-
@yupq6wlc79ts
Here is the mistake:
no NAT rule for WAN 192.168.1.0/24.
It is necessary to add it -
The reason was, it kinda acts as a kill switch. If the VPN goes down, no devices will be able to connect to the Internet.
But my 5 devices aren't on the VPN, so they should still be connected. What do I need to add/change here?
-
@yupq6wlc79ts
Add a NAT outbound rule for 192.168.1.0/24 on the WAN interface as I showed in the picture,
and the 5 devices will be able to access the Internet via WAN.
Do not delete anything.
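To make the two points from the replies concrete (rule order with the five-device rule first, and outbound NAT needed on the WAN interface as well as the VPN interface), here is an added pf.conf fragment in the form pfSense generates under the hood. It is an illustration written for this thread, not configuration from the original poster or from pfSense itself. The interface names (em0, em1, ovpnc1), the gateway addresses and the five device addresses are assumptions chosen for the example; the LAN subnet 192.168.1.0/24 and the 192.168.1.253 host come from the thread.

```pf
# Assumed names and addresses for the illustration
ext_if  = "em0"        # WAN interface (WAN_DHCP gateway in the GUI)
lan_if  = "em1"        # LAN interface
vpn_if  = "ovpnc1"     # NordVPN OpenVPN client interface
lan_net = "192.168.1.0/24"
wan_gw  = "203.0.113.1"   # assumed WAN next hop
vpn_gw  = "10.8.0.1"      # assumed tunnel next hop

# The five devices that should bypass the tunnel (assumed addresses,
# 192.168.1.253 is the one the poster tested with)
table <direct_hosts> { 192.168.1.253, 192.168.1.252, 192.168.1.251, \
                       192.168.1.250, 192.168.1.249 }

# Outbound NAT must exist on BOTH egress interfaces. The thread's mistake was
# the missing WAN entry: packets policy-routed to WAN left with a private
# 192.168.1.x source address, so no replies ever came back (the "kill switch"
# effect the poster noticed). Leave the VPN entry in place as the replies say.
nat on $ext_if inet from $lan_net to any -> ($ext_if)
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)

# Rules are evaluated top to bottom and "quick" makes the first match final.
# That is why the five-device rule has to sit above the catch-all VPN rule:
# if the order were reversed, the VPN rule would match those hosts first.
pass in quick on $lan_if route-to ($ext_if $wan_gw) inet \
     from <direct_hosts> to any keep state
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
     from $lan_net to any keep state
```

In the pfSense GUI the two `pass` lines correspond to the LAN rules with the Gateway option set to WAN_DHCP and to the NordVPN gateway respectively, and the two `nat` lines correspond to the Firewall / NAT / Outbound entries (one per interface, both with source 192.168.1.0/24). After adding the WAN outbound entry, Diagnostics / States filtered on a direct host's address should show its states leaving on the WAN interface with the WAN address as the translated source.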