single WAN, multi LAN... noob

4art4:
I am trying to find information, and I guess that I do not know enough to ask the right question.  So... What is the right question?  I am not a network guy, so... I might be headed the wrong way.  The goal is to mimic "defense in depth" the best I can on my homelab. 

My situation is this: I have a new OPNsense install on: Intel i5, 16gb ram, 9 physical NICs (one 1gib on board, and 2 PCIe cards that each have 4x 10gib). I am attempting to create an overly complex configuration where I get each part of my homelab on its own LAN. The parts include: wired: App layer, storage, backup, services (like DNS), Work systems; wifi: IOT, casual devices (like phones), gaming/streaming devices, work systems.

I figured that for each of the LANs, this would be easy, and the first one was. OPNsense just configured the WAN and the LAN (I'm using this one for "work systems"), and everything works fine. For testing, I'm double-natted with the old router, but I don't think that matters. The old router is using 192.168.1.0/24 and the OPNsense router has the LAN configured with 172.20.0.0/24. All is good...

...until I try to configure the next LAN. I set up an interface as "storage" with 172.20.1.0/24. I configured the firewall to allow IPv4 traffic to anywhere. A storage device on the LAN gets a DHCP address, but cannot ping a public IP that a device in the work LAN can ping. Nor can it do anything else outside its LAN. The upstream gateway is "auto-detect", and system -> gateways -> single only shows the one gateway that is the old router IP.

The question I want to ask is:  What do I not know I need to configure? 

I assume that I will be able to open specific ports for specific devices next. Just adding a firewall rule on top of the rules for the source of the connection?


If you made it this far, you are a trouper!   

4art4:
OK... All I did was reboot the OPNsense and it started to work.

So new question: When do I need to reboot? Is there something better I can do (like restart a service)?
