[Question] DMZ setup #12

Closed
opened 2020-06-23 15:46:24 +05:30 by drewmullen · 5 comments
drewmullen commented 2020-06-23 15:46:24 +05:30 (Migrated from github.com)

I am trying to set up a physical DMZ for my home network but I'm not sure if it's possible to allow external traffic to other interfaces. I'm curious if you've considered this or if you have advice.

My router has 4 ethernet ports so physical separation isn't a problem for me. In this circumstance though I'm open to setting up the DMZ via VLANs if that's easier; I'm just not super familiar with those concepts so I opted for physical.

OPNSense 20.1 - My current setup is by-the-book (readme docs hehe) except adding in the [extra kernel mods](https://github.com/MonkWho/pfatt/issues/4).

This is a great project, thank you for taking over!

drewmullen commented 2020-06-23 17:50:30 +05:30 (Migrated from github.com)

So traffic from my DMZ interface is working but I'm scratching my head as to how lol.

Question - what is the relationship between the LAN and WAN? I found in the screenshot below an auto-NAT configuration that looks to now include my DMZ network (I'm not sure if they existed before but I doubt it did).

I'd wager this 'auto rule' is how traffic from the new DMZ interface is getting outside.

![image](https://user-images.githubusercontent.com/3812162/85402690-1b548800-b52a-11ea-880f-ff248e5cd95e.png)

maxfield-allison commented 2020-06-24 00:20:06 +05:30 (Migrated from github.com)

This is way outside the scope of this project. You should check the OPNsense forums for this: https://forum.opnsense.org/

drewmullen commented 2020-06-24 01:56:10 +05:30 (Migrated from github.com)

@maxfield-allison maybe I'm not being clear - I'm not asking about how to set up a DMZ. I know how to do that.

I'm curious about the implications of the pfatt VLAN tagging / 802.1X auth routing on other interfaces. Frankly some of this project is magic to me so I was trying to ask about _generally_ how the interfaces are affected by it.

maxfield-allison commented 2020-06-24 02:12:55 +05:30 (Migrated from github.com)

Gotcha. Other interfaces aren't affected at all. I have several physical interfaces and several VLANs and I haven't noticed any strange behavior. What this does is bridge your ONT and gateway WAN ports and only allow the gateway to communicate auth traffic. For the AT&T ONT to accept traffic, the bridge just tags everything with VLAN 0, which is reserved anyway and not usually used in home networks.

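As an added illustration of the two frame-level decisions described in the comment above (this is not pfatt's own code): a Python model that passes 802.1X (EAPOL) frames only between the gateway and the ONT, and priority-tags everything else with VLAN 0 on its way to the ONT. The MAC addresses and sample frames are constructed, and the forwarding rules are my reading of the comment, not the project's implementation.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_EAPOL = 0x888E  # 802.1X authentication (EAPOL)

def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, vlan_id, ethertype, payload).
    vlan_id is None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    vid, offset = None, 14
    if etype == ETHERTYPE_VLAN:
        tci, etype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18
    return dst, src, vid, etype, frame[offset:]

def tag_vlan0(frame: bytes) -> bytes:
    """Insert an 802.1Q tag with VID 0 (a priority tag) into an untagged frame."""
    dst, src, vid, etype, payload = parse_frame(frame)
    if vid is not None:
        return frame              # already tagged, leave it alone
    return dst + src + struct.pack("!HHH", ETHERTYPE_VLAN, 0, etype) + payload

def bridge(frame: bytes, ingress: str):
    """Model of the bridge from the comment above (assumed rules, not pfatt's code):
    EAPOL moves only between "gateway" and "ont"; other traffic moves between
    "router" and "ont", tagged VLAN 0 on the way out. Returns (egress, frame)
    or None when the frame is dropped."""
    etype = parse_frame(frame)[3]
    if etype == ETHERTYPE_EAPOL:
        if ingress == "gateway":
            return "ont", frame
        if ingress == "ont":
            return "gateway", frame
        return None               # 802.1X frames from the router are dropped
    if ingress == "gateway":
        return None               # the gateway carries auth traffic only
    if ingress == "router":
        return "ont", tag_vlan0(frame)
    return "router", frame        # downstream data from the ONT

# Constructed sample frames; MAC addresses are made up for this example
PAE_GROUP = bytes.fromhex("0180c2000003")   # standard 802.1X destination address
GATEWAY_MAC = bytes.fromhex("020000000001")
ROUTER_MAC = bytes.fromhex("020000000002")
ONT_MAC = bytes.fromhex("020000000003")
EAPOL_START = PAE_GROUP + GATEWAY_MAC + struct.pack("!H", ETHERTYPE_EAPOL) + bytes([1, 1, 0, 0])
IPV4_FRAME = ONT_MAC + ROUTER_MAC + struct.pack("!H", 0x0800) + bytes(20)  # 0x0800 = IPv4
```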
drewmullen commented 2020-06-24 06:18:08 +05:30 (Migrated from github.com)

Thanks!

Reference: hhf/pfatt#12