Firewalling WAN to local where local are public IP addresses

0lzi · March 18, 2025, 5:46pm

We have a /29 public IP for the firewalls and have a /27 public IP space we host stuff on.

VyOS version 1.4.1

We have these set in a vlan and DHCP enabled.

What firewall rules would be needed to get to these IP/27 from the internet , my initial thought would be on forward filter as the traffic is not directly destined for the VyOS firewalls on the /29? or custom rule with a jump from forward filter when source interface is WAN ?

Won’t need to do port forwarding, again as these public IP addresses are sitting behind our firewall.

woodsb02 · March 19, 2025, 12:00am

It sounds like like your WAN interface has the /29 and your LAN interface (or equivalent) has the /27, with vyos routing between the 2?

If so, yes it’s the forward filter.

0lzi · March 19, 2025, 7:45am

Thanks for confirming brain wasn’t working properly yesterday

system · March 21, 2025, 7:46am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.