Problem enabling OPT port

NGUSER6947 · Feb 16, 2020, 4:10 PM

Having a problem enabling the OPT port on my SG-1000.

I am setting up an isolated network, for working at home. I want it totally isolated from the LAN network (my stuff) both ways (neither should be able to transfer data from the other).

So to start, I set up the OPT port, mostly mimicking the LAN port setup:

But the PC I'm using to test this won't connect. It's a Ubuntu box, and plugging into a switch on my LAN port works just fine. When plugged directly into the OPT port on the SG-1000, it reports "Wired - unable to connect" (or something like that). I have tried 2 different ethernet cables, but still no luck.

Do I have the OPT port configured right, to start with? Thanks!

Rico · Feb 16, 2020, 4:16 PM

You need to add Firewall Rules in the OPT tab to allow any traffic.

-Rico

NGUSER6947 · Feb 16, 2020, 6:33 PM

Here's how I have the rules set for OPT:

And on the LAN side:

akuma1x · Feb 16, 2020, 7:12 PM

You need to change your first block rule on the OPT network.

Make it read like this:
Source is OPT net, destination is LAN net

The way it reads now, it doesn’t block anything.

Jeff

johnpoz · Feb 16, 2020, 7:30 PM

@NGUSER6947 said in Problem enabling OPT port:

OPT port on my SG-1000.

The sg1000 doesn't have an OPT port, do you mean the 1100 I take it?

Did you enable dhcp on your new interface? This would seem more like the error you describe about not able to connect?

Validate you get lights on the interface.. Does your pc get an IP on this 192.168.2 network?

As already mentioned by @akuma1x you need rules.. Lan net would never be a source into opt..

Rules are evaluated as traffic enters and interface from the network its attached to. Top down, first rule to trigger wins, no other rules are evaluated.

You have it correct on your lan interface.

NGUSER6947 · Feb 16, 2020, 10:19 PM

Yes I meant SG-1100.

So I fixed (I think) the rule for OPT. Then I checked Services/DHCP server. I only see a tab for the LAN interface, not one for the OPT interface. So that is likely the reason a PC on that interface cannot connect. What am I doing wrong such that I don't have the DHCP tab to configure for OPT?

johnpoz · Feb 16, 2020, 11:24 PM

If you don't she dhcp available, means the interface not actually enabled. Or you have say a /32 mask vs something like /24... With a /32 (default to this) would have no addresses for dhcp to be enabled with.

You cut off in your screenshot what the mask is on that 192.168.2.1 address you set.

NGUSER6947 · Feb 17, 2020, 9:32 PM

Yes the /32 mask was the problem... changed to /24, enabled DHCP, and good. Thank you all!