G’day,
I’d like to be able to have an exit node to access the internet (WAN IPs, google, etc) without people being able to access other devices on the LAN of the exit node (eg. the firewall on my network).
To Reproduce
Steps to reproduce the behavior:
Create an exit node network route
Use a device on a different network to test the exit route and try to access a LAN device (eg. 192.168.1.1)
Expected behavior
No access to private IP addresses. Preferably by default but maybe using an ACL
Are you using NetBird Cloud?
No, this is a self hosted version
I think that should be possible by having no ACL at all for this. Or putting up a VLAn internally to be able to block any connections from going out to the LAN, and only be able to go out to WAN>
G’day,
I tried setting as both an EXIT node and a regular routing node. With the exit node, it didn’t have any ACL rules but I could use another device to access 192.168.1.1 via the exit node. I then tried using it as a regular routing node but there doesn’t seem to be a way to allow all but some IP addresses (eg ALLOW 0.0.0.0/0 BLOCK 192.168.1.0/24).