[SOLVED] Is OPT1 The Third Interface a Must?

Started by amithad, May 12, 2017, 12:09:23 PM

May 12, 2017, 12:09:23 PM Last Edit: May 29, 2017, 12:00:50 PM by franco
Hi,

I'm building a transparent firewall and am totally new to OPNsense. I followed the OPNsense documentation pertaining to the Transparent Filtering Bridge ( https://docs.opnsense.org/manual/how-tos/transparent_bridge.html ), and as soon as I followed the third step of creating the bridge, I was not able to access the LAN interface by typing http://192.168.1.1

Do I have to have three Ethernet cards (LAN, WAN and OPT1 ) to build a transparent firewall and configure it?

Thanks

My firewall setup is as follows:

Internet <-------->Firewall<--------->Transparent Firewall(OPNsense)<-------> LAN

No, 2 is enough. 1x LAN and 1x WAN

Gr. Micky

Hi Micky,

Thanks for your reply. Could you tell me why I was not able to access the management interface after creating the bridge?

Thanks again :)

Hi amithad,

I believe you don't need a bridge. Interface1 is WAN, Interface2 is LAN. Now you enable the proxy. The rules are created automatically. Test it with a manual proxy (HTTP port 3128) in your browser; when that is OK, you can enable the transparent proxy and check again.

May 15, 2017, 07:58:23 AM #5 Last Edit: May 15, 2017, 08:00:06 AM by amithad
Hi Micky,

Thanks a lot for your valuable information and time on my matter. I am implementing this OPNsense firewall to mitigate the drawbacks of my tier 1 firewall, which I'm not allowed to change.

I'm planning to do this without changing the IP addresses of my LAN. I hope that the WAN interface and the LAN interface can apply the IPs of the same subnet on my OPNsense firewall!! I'll try your valuable information of the transparent proxy as well.

For further clarification I give my IP addressing plan below:

Internet<----> Tier 1 Firewall's Internal IP (192.168.2.7/24)<----->OPNsense Firewall's WAN IP (192.168.2.6/24)===OPNsense Firewall's LAN IP (192.168.2.6/24)<------> LAN (192.168.2.0/24)

Since the routing function happens between two subnets, I doubt whether I can give the same subnet's IPs to my OPNsense firewall's WAN and LAN interfaces :-\

I hope I gave my requirement clearly...!!! I want to know whether it's possible to achieve it using OPNsense.

Thanks  :)

Good Morning,

I believe you need compellingly different subnets for WAN and LAN.

Gr. Micky

Good Morning Micky!

Thanks for the information. I'll try with your information.

Thanking you again  :)

FYI: I just updated the docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

I recommend checking each step again if things do not work out as intended.

Cheers,

Jos

Hi Jos,

Many thanks for the information.

:) :)



Quote from: jschellevis on May 15, 2017, 05:04:22 PM
FYI: I just updated the docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

I recommend checking each step again if things do not work out as intended.

Cheers,

Jos

Hi,

I followed the exact steps in the documentation. But after creating the bridge by combining the LAN and WAN interfaces, I was not able to access the management interface :(

Thanks


Thank you Jos, for updating the Wiki!
overkill: Dell SFF i5, 16gb, 120gb SSD, 4x gb NICs
OPNsense 21.1.x

Hi All,

Finally I was able to access the management interface (OPT1) after creating the bridge using LAN and WAN. But I made a slight change, since I failed two times after following the exact steps in the documentation. I created the bridge at the end and allowed all traffic on all interfaces as given in the documentation.

But now I'm facing a different issue. My LAN users are not able to access the internet. :( My production firewall's LAN IP is 192.168.1.7, and that IP is given as the default gateway to all my workstations on the LAN. If I am right, I don't have to change those, since my OPNsense transparent firewall acts in bridge mode.

What should I do to give the internet access to LAN users?

Thanks

Hi All,

I made a mistake while configuring the rules given in step 7. I just added an allow rule to the floating rules. I didn't apply allow rules to all three interfaces (LAN, WAN, OPT1).

I have corrected those. I will try this on the production network and give feedback. I APOLOGIZE for the mistake I have made. :)

 

May 24, 2017, 04:33:27 PM #14 Last Edit: May 24, 2017, 06:50:53 PM by amithad
Hi All,

I tried again after adding the allow rule, which is stated in step 7 of the documentation, for all the interfaces. Still, my LAN users are not able to connect to the internet through the OPNsense transparent firewall. When I try to set the gateway, it doesn't allow me to add the gateway on the WAN interface and it gives an error message.

My IP setup is as follows:

Internet <----> Production FW's Internal IP (192.168.1.7/24) <-----> OPNsense FW (OPT1 IP is 192.168.1.8; LAN and WAN don't have IPs since they're bridged) <--------> LAN (192.168.1.0/24)

All my LAN workstations have the default gateway as 192.168.1.7 and the primary DNS server as 192.168.1.10