
Firewall

The firewall is a router, named firewall in the internal network. It makes sure all connections are routed through the VPN and switches (later: balances) traffic between our different Internet connections (satellite, DSL; planned: fibre, maybe LTE, Wi-Fi).

The firewall is an APU board with 3 gigabit network ports, running OPNsense as its operating system.

The network ports are named igb0, igb1 and igb2.

igb0 is the uplink to the DSL network and has a dynamic IP address. igb1 is the uplink to the SAT network and also has a dynamic IP address. igb2 is the interface to the network used by all clients on the premises and has a fixed IP address (192.168.1.1).

The DHCP server is available on the igb2 network only. It hands out dynamic addresses from 192.168.1.100 to 192.168.1.255 and fixed (static) addresses from 192.168.1.10 to 192.168.1.99.

The OpenVPN client connects to a remote host and tunnels all the traffic. When the VPN connection is up, all traffic is forwarded through the VPN; when it is down, no traffic is forwarded at all.

Firewall rules are set in OPNsense. Outbound NAT rules make sure that no traffic from the internal network is sent to the Internet when the VPN is not up.
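The "NAT only through the tunnel" behaviour described above, written out in pf syntax as an added illustration. This is not the page's own configuration: OPNsense generates its ruleset from the GUI, and the tunnel interface name ovpnc1 and the LAN subnet 192.168.1.0/24 are assumptions. The point is that outbound NAT is bound to the VPN interface only, and LAN sources are explicitly blocked on the physical uplinks, so that a tunnel outage cannot silently fall back to the DSL or SAT line:

```pf
# Assumed interface names: ovpnc1 = OpenVPN client tunnel, igb0 = DSL, igb1 = SAT
# Outbound NAT exists only on the tunnel interface.
nat on ovpnc1 from 192.168.1.0/24 to any -> (ovpnc1)

# No NAT rule on the uplinks: if the tunnel is down the default route may move
# to igb0/igb1, so block LAN sources there explicitly instead of relying on
# the upstream dropping private-source packets.
block drop out quick on { igb0, igb1 } from 192.168.1.0/24 to any
```

Without the last rule, a VPN outage would let LAN packets leave on igb0 or igb1 with an un-translated 192.168.1.x source address; the upstream would usually discard them, but that is not a guarantee, and the explicit block also makes the failure visible in the firewall log.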

Sometimes it is necessary to check which device is responsible for traffic. In rare circumstances it is also necessary to shut that device off.

  1. Open “Interfaces/Diagnostics/ARP Table” in a separate tab
  2. Open “Reporting/Insight” in a separate tab
  3. Open “Reporting/Traffic Graph” and select LAN
  4. Find the device causing the traffic, then look up its IP in the ARP table (gives more info, such as the manufacturer)
  5. Open “Firewall/Traffic Shaper/Settings” → Rules
  6. Duplicate the BAD GUI rule, enter the IP address, name the new rule and click apply
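Steps 3 and 4 above are done by hand in the GUI. As an added example (not part of the original page), the same lookup can be done offline against exported data: aggregate bytes per LAN source, rank the top talkers, and enrich each with its MAC and vendor from the ARP table. The ARP lines use the FreeBSD `arp -a` format that OPNsense shows; the flow lines, the MAC addresses and the small OUI-to-vendor map are all constructed sample data (a real lookup would use the IEEE OUI registry).

```python
import re
from collections import defaultdict

# Constructed sample of the ARP table for igb2, in FreeBSD "arp -a" format.
ARP_TABLE = """\
? (192.168.1.1) at 00:0d:b9:4a:11:22 on igb2 permanent [ethernet]
? (192.168.1.23) at b8:27:eb:12:34:56 on igb2 expires in 1130 seconds [ethernet]
? (192.168.1.42) at 3c:22:fb:aa:bb:cc on igb2 expires in 980 seconds [ethernet]
? (192.168.1.117) at 00:1a:79:01:02:03 on igb2 expires in 1190 seconds [ethernet]
"""

# Constructed per-flow byte counts, one flow per line: src_ip dst_ip proto bytes
FLOWS = """\
192.168.1.42 203.0.113.10 tcp 524288000
192.168.1.23 198.51.100.5 tcp 1048576
192.168.1.42 203.0.113.11 udp 209715200
192.168.1.117 198.51.100.9 tcp 4194304
"""

# Constructed OUI (first three octets of the MAC) -> vendor map.
OUI_VENDORS = {
    "00:0d:b9": "PC Engines (APU board)",
    "b8:27:eb": "Raspberry Pi Foundation",
    "3c:22:fb": "Apple",
    "00:1a:79": "Example Set-top Box Maker",
}

ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17}) on (?P<iface>\S+)")


def parse_arp(text):
    """Map IP -> (MAC, interface) from arp -a style output."""
    entries = {}
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            entries[m.group("ip")] = (m.group("mac"), m.group("iface"))
    return entries


def bytes_per_source(text, lan_prefix="192.168.1."):
    """Sum bytes per LAN source address; non-LAN sources are ignored."""
    totals = defaultdict(int)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip headers or malformed lines
        src, _dst, _proto, nbytes = parts
        if src.startswith(lan_prefix):
            totals[src] += int(nbytes)
    return dict(totals)


def vendor_for(mac):
    """Vendor name from the OUI prefix of a MAC, case-insensitive."""
    return OUI_VENDORS.get(mac[:8].lower(), "unknown vendor")


def top_talkers(arp_text, flow_text, n=3):
    """Rank LAN sources by bytes and enrich each with MAC, interface and vendor."""
    arp = parse_arp(arp_text)
    totals = bytes_per_source(flow_text)
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    result = []
    for ip, nbytes in ranked:
        mac, iface = arp.get(ip, (None, None))
        result.append({
            "ip": ip,
            "bytes": nbytes,
            "mac": mac,
            "iface": iface,
            "vendor": vendor_for(mac) if mac else "not in ARP table",
        })
    return result


if __name__ == "__main__":
    for row in top_talkers(ARP_TABLE, FLOWS):
        print(f"{row['ip']:<15} {row['bytes'] / 1e6:>9.1f} MB  {row['mac']}  {row['vendor']}")
```

The output lists the device with the highest byte count first, which is the address to copy into the traffic shaper rule in steps 5 and 6. A host that sends traffic but has no ARP entry is reported as "not in ARP table"; that usually means the entry already expired, so refresh the ARP view before concluding anything about it.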
  • kuckucksmuehle/hackerspace/firewall.txt
  • Last modified: 2018/03/22 18:20
  • by kimparker