OPNsense Forum

English Forums => General Discussion => Topic started by: seamus on August 02, 2020, 12:03:50 AM

Title: SOLVED: Rules for LAN with more than one subnet
Post by: seamus on August 02, 2020, 12:03:50 AM
NOTE: You will not find the answer here. Instead look here: https://forum.opnsense.org/index.php?topic=18381.msg83553#msg83553

My LAN uses 192.168.1.0/24, and it works just fine for all hosts with this address range.  The LAN gateway on my OPNsense firewall is 192.168.1.1. It all pretty much auto-configured itself, so I've not had to do much manual configuration.

I've added a new device to the network that insists on using 192.168.6.0/24. This device uses Ethernet-over-USB, and it's plugged into a Linux laptop whose WiFi is assigned via DHCP: 192.168.1.104. I understand that Ethernet-over-USB is indistinguishable from other Ethernet traffic, and requires no 'special handling'.

I think I've got the Linux laptop and its USB device configured properly: I can make an SSH connection from the Linux laptop to the USB device at 192.168.6.2. I can 'ping' the WiFi from the USB device on its 192.168.6.2 interface, and I can ping 192.168.6.2 from the Linux laptop.

My problem is that the devices on the 192.168.6.0/24 net cannot successfully make a connection to the Internet. In addition, I cannot successfully 'ping' the LAN gateway at 192.168.1.1 from the USB device at 192.168.6.0. I don't understand why this is so because the IPv4 rules on the LAN interface allow ALL sources (*). (I've attached a screenshot so that's clear.)

I am not sure if ALL sources includes packets with a source address from the 192.168.6.0/24 network or not??? This is a major point of confusion for me. I have searched in vain for anything in the OPNsense configuration GUI that would allow me to create or use this 192.168.6.0 network in a firewall rule. How is this done?... the 192.168.6.0/24 hosts are not directly connected to the OPNsense firewall - they are only connected to the Ubuntu host, and use its WiFi as the gateway to the 192.168.1.0/24 net.

Can someone explain what I need to add to OPNsense to get Internet access for the USB device at 192.168.6.0/24? I've searched the OPNsense documentation, but found nothing relevant to this situation... but if I've missed something, I'd like to know that also.
Title: Re: Rules for LAN with more than one subnet
Post by: marjohn56 on August 02, 2020, 03:42:13 PM
Simple, they cannot see each other. The x.x.6.0 range will not talk to the *.*.1.0 range without either a gateway or a mask of 255.255.0.0. What make/model is the USB dongle? Sounds like it's running in gateway mode rather than access point mode.
Title: Re: Rules for LAN with more than one subnet
Post by: seamus on August 02, 2020, 09:36:51 PM
Quote from: marjohn56 on August 02, 2020, 03:42:13 PM
Simple, they cannot see each other. The x.x.6.0 range will not talk to the *.*.1.0 range without either a gateway or a mask of 255.255.0.0. What make/model is the USB dongle? Sounds like it's running in gateway mode rather than access point mode.

I have a gateway - the WiFi interface in the Ubuntu host (see attachment, please). I've created a static route in OPNsense using this gateway. I can ping the OPNsense host at 192.168.1.1 from 192.168.6.2.

The "dongle" is a "pocketbeagle" running Debian: https://beagleboard.org/pocket. It runs its own DHCP server, and is configured to create its own network.