Topic: Firewall rules to block traffic between LAN and OPT  (Read 1737 times)
« on: February 20, 2014, 15:24:53 »
javiert99 *
Posts: 5

Hi All,

New to the monowall world, no stranger to firewalls though, heavy in the Sonicwall world.

I've inherited several working monowalls with typical LAN/WAN setups, IPSEC tunnels between sites, all is well. The unit is running version 1.33

I need one site to have an optional "guest" network. I have enabled the 3rd network port on my soekris 4501, activated DHCP, set up the typical "default" wide open rule, and I can browse just fine on what I have called LAN2.

I want this network completely isolated from the primary LAN and just want it to have internet connectivity. I have tried several rule combinations blocking traffic from LAN2 to LAN1 as is logical to me and I can never seem to block the traffic.

LAN1 IP range is 192.168.3.0/24, IP of unit is 192.163.3.1
LAN2 IP range is 192.168.7.0/24, IP is 192.168.7.1

Any help would be appreciated! Thanks!
« Reply #1 on: February 20, 2014, 17:03:28 »
Fred Grayson *****
Posts: 994

Add a block rule above the default Allow Any rule. Configure the rule as follows:

Source: LAN2 Network
Destination: LAN Network

--
Google is your friend and Bob's your uncle.
« Reply #2 on: February 20, 2014, 17:54:57 »
javiert99 *
Posts: 5

Hi Fred,

That's the rule I created but could still ping devices on the .3.x network.

I'll try again and see if maybe I transposed something by mistake.

Thanks!
« Reply #3 on: February 20, 2014, 18:34:36 »
Fred Grayson *****
Posts: 994

Did you specify 'any' for the protocol for the rule?

--
Google is your friend and Bob's your uncle.
« Reply #4 on: February 20, 2014, 20:47:40 »
javiert99 *
Posts: 5

Yep, any was selected for protocols.
« Reply #5 on: February 20, 2014, 21:09:27 »
Fred Grayson *****
Posts: 994

We'd have to see the complete rule set to debug this further.

--
Google is your friend and Bob's your uncle.
« Reply #6 on: February 20, 2014, 21:32:31 »
javiert99 *
Posts: 5

I'll be at that site tomorrow and will continue working with it from there. I have nothing plugged into that network to test with right this second. Thank you for your help so far.
« Reply #7 on: February 21, 2014, 22:03:40 »
javiert99 *
Posts: 5

Not sure what I did wrong the first time (maybe I stuck the rule in LAN1, thinking I'd block LAN2 traffic from there).

This time I created a rule in LAN2 to block traffic from LAN2 to LAN1 and all is well.

Thank you!
« Reply #8 on: February 21, 2014, 23:12:20 »
Fred Grayson *****
Posts: 994

That was your mistake. The rules apply to the interface the packets come into the firewall on.

--
Google is your friend and Bob's your uncle.
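To make the point in Reply #8 concrete, here is an added Python model of per-interface, first-match rule evaluation (written for this thread, not code from m0n0wall). It assumes the thread's subnets and the two rules discussed, and shows why the block rule only works when it sits on the LAN2 tab above the default allow-any rule.

```python
import ipaddress

# Constructed layout matching the thread: LAN is 192.168.3.0/24, LAN2 (guest) is 192.168.7.0/24.
INTERFACES = {
    "LAN": ipaddress.ip_network("192.168.3.0/24"),
    "LAN2": ipaddress.ip_network("192.168.7.0/24"),
}
# Address aliases usable in rules; None stands for "any".
ALIASES = {"LAN Network": INTERFACES["LAN"], "LAN2 Network": INTERFACES["LAN2"], "any": None}


def ingress_interface(src):
    """A packet enters the firewall on the interface whose subnet holds its source address."""
    ip = ipaddress.ip_address(src)
    for name, net in INTERFACES.items():
        if ip in net:
            return name
    return "WAN"


def matches(rule, proto, src, dst):
    src_net, dst_net = ALIASES[rule["src"]], ALIASES[rule["dst"]]
    src_ok = src_net is None or ipaddress.ip_address(src) in src_net
    dst_ok = dst_net is None or ipaddress.ip_address(dst) in dst_net
    proto_ok = rule["proto"] == "any" or rule["proto"] == proto
    return src_ok and dst_ok and proto_ok


def decide(rulesets, proto, src, dst):
    """Only the ingress interface's rule list is consulted, first match wins,
    and anything unmatched falls through to the implicit default deny."""
    for rule in rulesets.get(ingress_interface(src), []):
        if matches(rule, proto, src, dst):
            return rule["action"]
    return "block"


ALLOW_ANY = {"action": "pass", "proto": "any", "src": "any", "dst": "any"}
BLOCK_GUEST = {"action": "block", "proto": "any", "src": "LAN2 Network", "dst": "LAN Network"}

# First attempt in the thread: the block rule sits on the LAN tab, so guest traffic never sees it.
on_lan_tab = {"LAN": [BLOCK_GUEST, ALLOW_ANY], "LAN2": [ALLOW_ANY]}
# Working configuration: the block rule is on LAN2, above LAN2's default allow-any rule.
on_lan2_tab = {"LAN2": [BLOCK_GUEST, ALLOW_ANY], "LAN": [ALLOW_ANY]}
# Ordering also matters: the same rule placed below allow-any is never reached.
misordered = {"LAN2": [ALLOW_ANY, BLOCK_GUEST], "LAN": [ALLOW_ANY]}

if __name__ == "__main__":
    for label, rs in [("LAN tab", on_lan_tab), ("LAN2 tab", on_lan2_tab), ("misordered", misordered)]:
        ping_lan = decide(rs, "icmp", "192.168.7.20", "192.168.3.10")   # guest host pings a LAN host
        web_out = decide(rs, "tcp", "192.168.7.20", "203.0.113.5")     # guest host browses the internet
        print(f"{label:11} guest->LAN: {ping_lan:5}  guest->internet: {web_out}")
```

Note that this rule, like the one Fred gave, only stops connections initiated from LAN2; LAN's own allow-any rule still lets a LAN host open connections into the guest network, so a fully isolated guest segment needs a matching block rule on the LAN tab as well.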