need help with firewall block rule for guest VLAN

wgstarks · Feb 10, 2022, 2:24 AM

Devices are unable to get internet access on my guest network and I've narrowed the problem down to my firewall admin block rule. My intent is to allow access to DHCP, DNS, etc and only block admin access.

Current rules-

ADMIN_PORTS alias-

If I disable the Admin Block rule devices have internet access. What do I need to change?

wgstarks · Feb 10, 2022, 2:30 AM

I'm an idiot.
After posting I realized it's not the admin block rule I was disabling. It's the LOCAL_SUBNETS block rule. I've changed the title accordingly.

I want to set this up to block access to other subnets from the guest network but the current one seems to be blocking traffic to WAN.

LOCAL_SUBNETS alias-

A Former User · Feb 10, 2022, 2:48 AM

@wgstarks ok, look at this example:

as shown here before block RFC you must place your rule of what you want to allow.

then what you want to block and finally step to everything.

do you understand me?

wgstarks · Feb 10, 2022, 3:06 AM

@silence
I think I understand but still can't seem to get it to work. I setup a pass rule for WAN but still no internet access.

A Former User · Feb 10, 2022, 3:12 AM

@wgstarks said in need help with firewall block rule for guest VLAN:

I think I understand but still can't seem to get it to work. I setup a pass rule for WAN but still no internet access.

nooo, please remove this rule.

Remove this from your alias here is your problem.

wgstarks · Feb 10, 2022, 3:23 AM

@silence said in need help with firewall block rule for guest VLAN:

@wgstarks said in need help with firewall block rule for guest VLAN:

I think I understand but still can't seem to get it to work. I setup a pass rule for WAN but still no internet access.

nooo, please remove this rule.

Remove this from your alias here is your problem.

Like I said before, I'm an idiot. I really should have seen that right off. Glad you did. Thanks for the help.

A Former User · Feb 10, 2022, 3:26 AM

@wgstarks said in need help with firewall block rule for guest VLAN:

Thanks for the help.

Do not forget to like the comment that helps you please.

wgstarks · Feb 10, 2022, 3:28 AM

@silence
Tried to like it twice but I guess that's not allowed.

A Former User · Feb 10, 2022, 3:33 AM

@wgstarks said in need help with firewall block rule for guest VLAN:

Tried to like it twice but I guess that's not allowed.

Please click here.

johnpoz · Feb 10, 2022, 9:39 AM

@wgstarks said in need help with firewall block rule for guest VLAN:

I setup a pass rule for WAN but still no internet access.

Wan net is just that the specific network attached to your wan, lets say 1.2.3.0/24 if that is the network your isp or you assigned to your "wan net" that would not be say googledns at 8.8.8.8 or www.netgate.com or any other "internet' IP it would just be your actual wan net.

btw @Silence that little plus sign is to follow you, not give you a rep point via "liking" your post..

And no you can not like something more than once ;)