====== Firewall ======

The firewall is a router called firewall in the internal network. It makes sure all connections are routed through the VPN, and it switches (and later balances) traffic through our different Internet connections (Satellite, DSL, [planned: Fiber, maybe LTE, Wifi]).

===== Configuration =====

The firewall is an APU with 3 gigabit network ports and OPNsense as its operating system.

The network ports are named igb0, igb1 and igb2:

  * igb0 is the uplink to the DSL network and has a dynamic IP address.
  * igb1 is the uplink to the SAT network and has a dynamic IP address.
  * igb2 is the interface to the network used by all clients on the premises and has a fixed IP address (192.168.1.1).

==== DHCP Server ====

The DHCP server is available on the igb2 network only. It gives out dynamic addresses from 192.168.1.100 to 192.168.1.255 and fixed addresses from 192.168.1.10 to 192.168.1.99.

==== OpenVPN Client ====

The OpenVPN client connects to a remote host to tunnel all the traffic. When the VPN connection is up, all traffic is forwarded through the VPN; when it is down, no traffic is forwarded.

==== Firewall Rules ====

Firewall rules are set in OPNsense. Outbound NAT rules make sure that no traffic from the internal network is sent to the Internet when the VPN is not up.

==== Handle Network Disturbances ====

Sometimes it is necessary to check which device is responsible for traffic. In rare circumstances it is also necessary to shut that device off.

  - Log in to https://192.168.1.1
  - Open "Interfaces/Diagnostics/ARP Table" in a separate tab
  - Open "Reporting/Insight" in a separate tab
  - Open "Reporting/Traffic Graph" and select LAN
  - Find the device causing the traffic and look up its IP in the ARP table (which gives more information, such as the manufacturer)
  - Open "Firewall/Traffic Shaper/Settings" -> Rules
  - Duplicate the BAD GUI rule, enter the IP address, name the new rule and click Apply
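
One way to verify the outbound NAT behaviour described under "Firewall Rules": the script below reads NAT rules in the format printed by pfctl -s nat and reports any rule that would translate LAN traffic directly on the DSL or SAT uplink instead of on the VPN. It is an added example, not part of the original page or the firewall's configuration; the /24 LAN netmask, the VPN interface name ovpnc1 and the sample rules are assumptions made for illustration.

```python
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: /24 around 192.168.1.1
WAN_IFACES = {"igb0", "igb1"}   # DSL and SAT uplinks named on this page
VPN_IFACE = "ovpnc1"            # assumption: name of the OpenVPN client interface

# Constructed sample in the format printed by `pfctl -s nat`; not from the real firewall.
SAMPLE_RULES = """\
no nat proto carp all
nat on ovpnc1 inet from 192.168.1.0/24 to any -> (ovpnc1:0) port 1024:65535
nat on igb0 inet from 127.0.0.0/8 to any -> (igb0:0) port 1024:65535
nat on igb1 inet from 192.168.1.0/24 to any -> (igb1:0) port 1024:65535
"""


def source_covers_lan(src):
    """Return True if a rule source could match an address in the LAN."""
    if src == "any":
        return True
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:
        return True  # negation, table or alias: cannot prove it excludes the LAN
    return net.version == 4 and net.overlaps(LAN_NET)


def audit_nat(rules_text):
    """Find NAT rules that translate LAN traffic on an uplink instead of the VPN."""
    leaks, vpn_nat = [], False
    for line in rules_text.splitlines():
        tok = line.split()
        # Only translating rules matter; "no nat", rdr and binat lines are skipped.
        if len(tok) < 3 or tok[:2] != ["nat", "on"]:
            continue
        iface = tok[2]
        src = tok[tok.index("from") + 1] if "from" in tok else "any"  # "all" = any source
        if not source_covers_lan(src):
            continue
        if iface in WAN_IFACES:
            leaks.append(line.strip())
        elif iface == VPN_IFACE:
            vpn_nat = True
    return {"leaks": leaks, "vpn_nat": vpn_nat}


if __name__ == "__main__":
    result = audit_nat(SAMPLE_RULES)
    print("VPN NAT rule present:", result["vpn_nat"])
    print("Leak paths:", result["leaks"])
```

The check is conservative: a source it cannot parse (a table, alias or negated address) is treated as possibly matching the LAN, so such rules are reported for manual review rather than silently passed.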