[Solved] - LAN to OPT1 Rules not Working
-
Hello,
I have a slight issue when connecting LAN PCs to servers on the OPT1 network.
Not putting any rules on the LAN firewall rules page allows everything on the LAN to access everything on OPT1.
Now, I want to lock this down so I created an alias called "Servers" and added a few servers that are on the OPT1 subnet.
I modified the default LAN rule and set destination as "NOT OPT1 net"
Now, before this rule, I have added a new rule that allows any source on the LAN net to access the alias "Servers" but I am not able to access these servers from the LAN net, even after applying the changes, resetting the states table and rebooting.
And of course if I modify the default rule again and under destination uncheck NOT and set to any, it resumes working.
Am I missing something here?
-
Any reason your rule to allow access to the servers only allows access to TCP? Why not UDP as well?
-
Wow…I totally missed that and of course I was pinging to test connectivity. Set the protocol to any and now everything works!
Thanks.
-
You need to reject LAN net to OPT1 net followed by your pass any any.
What you have there won't block anything from LAN to OPT1.
Assuming you are trying to limit connectivity from LAN to OPT1 to all but Servers.
ETA: Not true - I didn't notice that last rule was IPv6.
I'd still rather see an explicit reject rule for the traffic you want to block followed by a pass rule instead of that exclusion.
-
Good Idea. I have added such rules now. Thanks.
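The two answers above come down to how a pfSense interface tab evaluates rules: top to bottom, first match wins, and a packet that matches nothing hits the implicit default deny. The following Python model is an added example, not something posted in the thread, and the subnets and alias members in it are constructed (the thread never names them). It replays the original poster's rule set to show why an ICMP ping fails against a TCP-only pass rule, then the protocol-any fix, then the reject-then-pass layout the last reply recommends.

```python
import ipaddress

# Constructed sample addressing; the thread names the interfaces but not the subnets.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
OPT1_NET = ipaddress.ip_network("192.168.2.0/24")
# The "Servers" alias from the thread, populated with constructed hosts on OPT1.
SERVERS = {ipaddress.ip_address("192.168.2.10"), ipaddress.ip_address("192.168.2.11")}


def selector_matches(target, addr, invert=False):
    """A rule's source/destination field: 'any', a network, or a host alias (set).
    'invert' models the GUI's 'NOT' checkbox on the destination."""
    if target == "any":
        hit = True
    else:
        hit = addr in target  # works for both ip_network and a set of addresses
    return (not hit) if invert else hit


def evaluate(rules, proto, src, dst):
    """First-match evaluation, as on a pfSense interface tab (rules are 'quick').
    Returns the action of the first matching rule, or the implicit default deny."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if rule["proto"] not in ("any", proto):
            continue
        if not selector_matches(rule["src"], src):
            continue
        if not selector_matches(rule["dst"], dst, rule.get("dst_not", False)):
            continue
        return rule["action"]
    return "block (default deny)"


# 1. The rule set as first described: TCP-only pass to Servers, then pass to NOT OPT1 net.
ORIGINAL = [
    {"action": "pass", "proto": "tcp", "src": LAN_NET, "dst": SERVERS},
    {"action": "pass", "proto": "any", "src": LAN_NET, "dst": OPT1_NET, "dst_not": True},
]

# 2. The poster's fix: same layout with the Servers rule set to protocol 'any'.
FIXED = [
    {"action": "pass", "proto": "any", "src": LAN_NET, "dst": SERVERS},
    {"action": "pass", "proto": "any", "src": LAN_NET, "dst": OPT1_NET, "dst_not": True},
]

# 3. The layout the last reply recommends: pass Servers, explicit reject LAN net -> OPT1 net,
#    then pass any. Reject (unlike block) answers with a RST/unreachable, so blocked
#    connections from the LAN fail immediately instead of timing out.
RECOMMENDED = [
    {"action": "pass", "proto": "any", "src": LAN_NET, "dst": SERVERS},
    {"action": "reject", "proto": "any", "src": LAN_NET, "dst": OPT1_NET},
    {"action": "pass", "proto": "any", "src": LAN_NET, "dst": "any"},
]


def ping_from_lan(rules, server="192.168.2.10"):
    """The test the poster actually ran: ICMP from a LAN host to an alias member."""
    return evaluate(rules, "icmp", "192.168.1.20", server)


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED), ("recommended", RECOMMENDED)):
        print(f"{name:12} ping server -> {ping_from_lan(rules)}")
        print(f"{name:12} tcp   server -> {evaluate(rules, 'tcp', '192.168.1.20', '192.168.2.10')}")
        print(f"{name:12} tcp   other  -> {evaluate(rules, 'tcp', '192.168.1.20', '192.168.2.50')}")
        print(f"{name:12} tcp   wan    -> {evaluate(rules, 'tcp', '192.168.1.20', '8.8.8.8')}")
```

Running it shows the ICMP ping falling through both of the original rules (the first wants TCP, the second excludes OPT1 net) into the default deny, which is exactly the symptom in the first post, while TCP to the same server passed all along.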