block traffic between interfaces [Solved]
-
do you have a public ip on your wan or is it behind another modem/router with 192.168.x.x network?
-
Its connected through router there is no Public IP.
Now its working after changing the rule order for both the networks.
but not able ping own gateway ips as well. -
modify the alias to be more specific, put inside only the network you have for the LAN and for the OPT1 interface
-
this is the rule which i have created as per your advice.
-
Alias Internal_default_Addr
-
But not able to ping own gateway IP.
Ex: if my lan network is 192.168.1.1/24 i am not able to ping 192.168.1.1 from the same notwork. -
what addresses do you have in the wan, lan and opt1 interfaces?
another way to do that is to make a block rule with destination "OPT1 net" on the LAN tab and one block rule with destination "LAN net" on the OPT1 tab -
WAN Configured as DHCP, WAN IP is 192.168.0.8/24.
LAN Network : 192.168.1.1/24
OPT1 : 192.168.100.1/24 -
maybe it's easier for you: another way to do that is to make a block rule with destination "OPT1 net" on the LAN tab and one block rule with destination "LAN net" on the OPT1 tab
-
Ok Will check.
What if i want to block all ports between these two networks and allow a specific port for a specific service?
Ex : Assume my ftp server is in LAN network and i want to allow only that ftp server with ftp port for OPT1 network . and all other ports should be blocked.
-
This post is deleted! -
@mass said in block traffic between interfaces:
y ftp server is in LAN network and i want to allow only that ftp server with ftp port
for starters set an allow rule for the IP or the alias + port of your ftp server
in front of your block rule ...rules are runnin top to bottom
brNP
-
@noplan said in block traffic between interfaces:
for starters set an allow rule for the IP or the alias + port of your ftp server
in front of your block rule ...
rules are runnin top to bottom
brNPOk
-
@kiokoman said in block traffic between interfaces:
maybe it's easier for you: another way to do that is to make a block rule with destination "OPT1 net" on the LAN tab and one block rule with destination "LAN net" on the OPT1 tab
Yes Its working ,
Thanks a lot
-
ftp workin to ?
brNP -
-
@mass
please mark topic as solved -
@noplan said in block traffic between interfaces:
@mass
please mark topic as solvedfrom where i can mark?
-
i don't know if you can still modify the title, i think there is a time limit for it, if you are unable to change it anymore only a moderator can do that, well.. don't you stress too much about that anyway, afaik it is not required here
-
Marked as solved ;)
Just to throw in my 2 cents.. @kiokoman use of the alias for rfc1918 is good one... When you only have small couple of vlans not really needed. But such an alias allows for growth and ease of management of rules.
So sure you can just block specific X net in you Y rules.. But if you also have A,B,C ... G vlans and you don't want any of them talking to any other vlan.. Alias that includes all your networks makes that easier to do.
If you have questions on if your rules will do what you want them to do.. Just paste up your rules and explain what your wanting to do exactly. And pretty sure multiple people be happy to jump in and say yeah or nay, or hey you can do it cleaner this way. Or you forget to block firewall, so clients could still get to the wan address, etc. etc..
When posting up rules, its always best to include all of them on the interface, and showing the specific interface they are on.. And stating that there is nothing in floating, or showing them as well if you have rules in your floating.
This is bad way to show rules
What is above that rule, what specific interface is it on?
This is better way to show rules on an interface.
