HomeData EngineeringData DIYCreating a firewall rule with OPNsense
Data DIY

Creating a firewall rule with OPNsense

Creating a firewall rule with OPNsense

[ad_1]

So you have OPNsense installed as your firewall appliance in your data center. Now what? With the platform up and running, your next step is to start creating firewall rules, to keep your network and systems protected. How do you do that? Because OPNsense offers a web-based GUI, the task is actually pretty simple.

I’m going to walk you through the creation of a single firewall rule, with the help of the OPNsense GUI. To demonstrate this tool, I will show you how to allow SSH traffic from the WAN to a specific IP address on your network. Let’s make this happen.

What you need

The only things you need are a running instance of OPNsense, an administrator account to log in with, and a destination IP address for which to route traffic.

Create the rule

Once you log into OPNsense with the root account, click on Firewall (in the left navigation). From that expanded menu, click NAT (Network Address Translation), which will reveal Port Forward (Figure A).

Figure A: We’re going to use Port Forwarding for our new rule.

Click Port Forward, which will open the rules for this type (Figure B).

Figure B: Our current NAT rules.

To add a new NAT rule, click Add in the top right corner. In the resulting window (Figure C), you configure the rule.

Figure C: The OPNsense rule entry window.

Here are the options to use for the new Network Address Translation rule:

  • Interface: WAN
  • TCP/IP Version: IPv4
  • Protocol: TCP
  • Source: Any
  • Source port range: Any
  • Destination: LAN net
  • Destination port range: Any (for both from and to fields)
  • Redirect target IP: Single host or Network (which will then require you to enter the IP address you want to route SSH traffic to)
  • Redirect target port: SSH
  • Description: SSH from WAN to X (Where X is the destination IP address).
  • Set local tag (Optional): SSH_NAT
  • Filter rule association: None

Once you fill out that information, click Save at the bottom of the page and then click Apply changes (so your rule will take effect). After clicking Apply changes, your rule should now be working, and SSH traffic from the WAN will be directed to the redirect target address IP you set.

You can, of course, use this simple rule as a template to direct other types of traffic (such as HTTP) to specific IP addresses. Using the Clone button (in the rule listing), you can then alter the source and target ports from SSH to HTTP(s) to direct traffic from the WAN to your web server.

Once you understand how to create this easy NAT rule, you can then move up to more complicated tasks with OPNsense.

[ad_2]

This article has been published from the source link without modifications to the text. Only the headline has been changed.

Source link

Previous article
NLP vs. NLU: Understanding and processing of a language
Next article
Introduction to GAM and 7 Best Practices

RELATED ARTICLES

Youtube @blockgeni

Most Popular

Load more

Follow Us

Contact us: [email protected]

POPULAR POSTS

POPULAR CATEGORY

About Us
Contact Us
Privacy
Terms & Conditions

© Blockgeni.com 2024 All Rights Reserved, A Part of SKILL BLOCK Group of Companies