MonkWho / pfatt

Enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of the original repository https://github.com/aus/pfatt. Since it is no longer available, I'll do my best to maintain a copy for people who still need a bypass.)

[Question] DMZ setup #12

Closed drewmullen closed 4 years ago

drewmullen commented 4 years ago

I am trying to set up a physical DMZ for my home network but am not sure if it's possible to allow external traffic to other interfaces. I'm curious if you've considered this or if you have advice.

My router has 4 ethernet ports so physical separation isn't a problem for me. In this circumstance, though, I'm open to setting up a DMZ via VLANs if that's easier; I'm just not super familiar with those concepts so I opted for physical.

OPNsense 20.1 - My current setup is by-the-book (readme docs hehe) except for adding in the extra kernel mods.

This is a great project, thank you for taking over!

drewmullen commented 4 years ago

So traffic from my DMZ interface is working but I'm scratching my head as to how lol

Question - what is the relationship between the LAN and WAN? I found, in the screenshot below, an auto-NAT configuration that looks to now include my DMZ network (I'm not sure if it existed before but I doubt it did).

I'd wager this 'auto rule' is how traffic from the new DMZ interface is getting outside.

[image: screenshot of the auto-NAT configuration]

maxfield-allison commented 4 years ago

This is way outside the scope of this project. You should check the OPNsense forums for this: https://forum.opnsense.org/

drewmullen commented 4 years ago

@maxfield-allison maybe I'm not being clear - I'm not asking about how to set up a DMZ. I know how to do that.

I'm curious about the implications of the pfatt VLAN tagging / 802.1X auth routing on other interfaces. Frankly, some of this project is magic to me so I was trying to ask generally how the interfaces are affected by it.

maxfield-allison commented 4 years ago

Gotcha. Other interfaces aren't affected at all. I have several physical interfaces and several VLANs and I haven't noticed any strange behavior. What this does is bridge your ONT and gateway WAN ports and only allow the gateway to communicate auth traffic. For the AT&T ONT to accept traffic, the bridge just tags everything with VLAN 0, which is reserved anyway and not usually used in home networks.
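As an added illustration of the behaviour described in this answer (example code written for this thread, not pfatt's own implementation; the port names "gateway", "ont" and "firewall" and the sample frames are made up): a frame-level model of the three-port bridge, showing that only 802.1X (EAPOL, EtherType 0x888E) frames cross between the gateway and the ONT, while the firewall's own traffic is VLAN-0 tagged on the way out and untagged on the way in, so other interfaces never see any of it.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_EAPOL = 0x888E  # 802.1X authentication (EAPOL)

def build_frame(dst, src, ethertype, payload):
    """Assemble an untagged Ethernet II frame (no FCS)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def inner_ethertype(frame):
    """EtherType of the frame, looking past one 802.1Q tag if present."""
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == ETHERTYPE_VLAN:
        etype = struct.unpack("!H", frame[16:18])[0]
    return etype

def tag_vlan0(frame):
    """Insert an 802.1Q header with VID 0 (a priority tag) after the MACs."""
    if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_VLAN:
        return frame  # already tagged; leave as-is
    return frame[:12] + struct.pack("!HH", ETHERTYPE_VLAN, 0x0000) + frame[12:]

def untag_vlan0(frame):
    """Strip a VID-0 tag; a tag carrying a real VLAN ID is left in place."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_VLAN:
        return frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return frame if vid != 0 else frame[:12] + frame[16:]

def bridge(ingress, frame):
    """Forward one frame; returns (egress_port, frame) or None if dropped."""
    if ingress == "gateway":
        # The gateway is only allowed to talk 802.1X to the ONT.
        return ("ont", frame) if inner_ethertype(frame) == ETHERTYPE_EAPOL else None
    if ingress == "ont":
        if inner_ethertype(frame) == ETHERTYPE_EAPOL:
            return ("gateway", frame)            # auth replies go back to the gateway
        return ("firewall", untag_vlan0(frame))  # everything else is the firewall's
    if ingress == "firewall":
        return ("ont", tag_vlan0(frame))         # outbound traffic gets VLAN 0
    raise ValueError(f"unknown port {ingress!r}")

# Constructed sample frames (not captured from a real link): a gateway
# EAPOL-Start and an IPv4 frame originating on the firewall's WAN side.
SAMPLE_EAPOL = build_frame(b"\x01\x80\xc2\x00\x00\x03", b"\x00\x11\x22\x33\x44\x55",
                           ETHERTYPE_EAPOL, b"\x01\x01\x00\x00")
SAMPLE_IPV4 = build_frame(b"\xaa" * 6, b"\xbb" * 6, ETHERTYPE_IPV4,
                          b"\x45" + b"\x00" * 19)
```

Calling `bridge("gateway", SAMPLE_IPV4)` returns `None` (dropped), while `bridge("firewall", SAMPLE_IPV4)` returns the same frame with a VLAN-0 tag destined for the ONT.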

drewmullen commented 4 years ago

Thanks!