OPNsense Forum

English Forums => General Discussion => Topic started by: tsystem on September 25, 2020, 11:32:33 PM

Title: 2 separate LAN/WAN on same computer [SOLVED]
Post by: tsystem on September 25, 2020, 11:32:33 PM
Hi everybody,

I came to you because I have a problem that is driving me crazy (I am working on it with leboubou111 in this French post: https://forum.opnsense.org/index.php?topic=19179.15).

My idea is simple: I have 4 interfaces, 2 WAN (WAN200_ / WAN230_) and 2 LAN (LAN200_ / LAN230_), and I want to manage 2 firewalls on the same system: WAN and LAN 200 working together and WAN and LAN 230 working together ... no crossing over between the LANs or WANs.

FYI: at the moment, I work on 3 VMs to prepare my configuration: 1 OPNsense VM and 2 Windows VMs (one on LAN200_ and the other on LAN230_).

For the first OPNsense setup/install I configure LAN & WAN 200_, and afterwards I try to add LAN/WAN 230_.
The initial setup works great with LAN/WAN 200_.

But none of the configurations I tested to make LAN/WAN 230 work together gave me any result.


Initial conf for LAN200_:

DHCP: no
IPv4 address: 192.168.200.166 (static)
IPv4 subnet: 20 (= 255.255.240.0)
upstream gateway: no
IPv6: no
DHCP server on LAN: yes
Start range: 192.168.192.20
End range: 192.168.192.150
revert to http: no

For WAN200_:
simply use DHCP to get a fake outside Internet from my physical computer (hosting the VMs)

Now, I'm trying to add WAN and LAN 230_ (my whole process, from scratch):
-Add interfaces LAN and WAN 230
         LAN230_/enabled/ipv4 static/ipv6 none/ add :   192.168.230.166/24
         WAN230_/enabled/block private/block bogon/ipv4 dhcp/ipv6 none
-System / settings / General :
         add dns server for  LAN230 (8.8.8.8 / 8.8.4.4)
-services / DHCPv4 :
         LAN230_   192.168.230.20 to 192.168.230.150 dns:192.168.230.166 gw:192.168.230.166
-firewall / settings / advanced
         - check "bypass firewall rule for traffic on same interface" and "use sticky connection" and "skip rules when gateway is down"
-firewall / NAT / outbound:
         - select manual NAT rules creation
         - add :
         interface:WAN230_
         protocol:any
         source:LAN230_ net
         port src:any
         destination:any
         translation/Target:WAN230_ address
(add a similar rule for LAN / WAN 200_)
-system/routes/configuration: add :
         network : 0.0.0.0/0
         gateway : WAN230__DHCP....
-firewall / rules/ LAN230_:
         action:pass
         apply immediately
         interface:LAN230_
         Dir:in
         Ipv4
         Protocol any
         source : LAN230_net
         dest:any
         advance gateway : WAN230__DHCP...


What did I miss in my configuration, so that I get no result from my LAN230_?

Many thanks for your help.

Title: Re: 2 separate LAN/WAN on same computer [SOLVED]
Post by: tsystem on September 27, 2020, 04:14:03 PM
Hi,

Problem solved, many thanks to leboubou111.
The problem came from my VMware configuration: the different WANs were connected to the same physical network (via DHCP)... and the firewall went crazy.... The solution is to use the NAT network of VMware for the WAN interfaces (unfortunately only one NAT is supported in VMware)...

Many thanks again to you!
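
Added example, not part of either post and not OPNsense code: a pre-flight check for the kind of layout discussed in this thread, which flags interfaces whose networks overlap (the root cause reported above, two WANs on one upstream network) and DHCP pools that fall outside their interface's subnet. The LAN values come from the first post; the WAN addresses and the `audit` helper are assumptions made for illustration.

```python
import ipaddress

# LAN values are the ones given in the first post; the WAN addresses are
# constructed samples, since the thread does not state the DHCP leases.
LANS = {"LAN200_": "192.168.200.166/20", "LAN230_": "192.168.230.166/24"}
DHCP_RANGES = {
    "LAN200_": ("192.168.192.20", "192.168.192.150"),
    "LAN230_": ("192.168.230.20", "192.168.230.150"),
}
# Constructed: both WANs leased from one upstream network (the failing lab).
SHARED_WANS = {"WAN200_": "192.168.1.50/24", "WAN230_": "192.168.1.51/24"}
# Constructed: each WAN on its own upstream network.
SPLIT_WANS = {"WAN200_": "192.168.1.50/24", "WAN230_": "172.16.80.10/24"}


def audit(interfaces, dhcp_ranges):
    """Return findings: overlapping interface networks, and DHCP pools
    whose start or end address lies outside the interface's own subnet."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in interfaces.items()}
    findings = []
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two interfaces in one network make replies ambiguous for
            # per-WAN policy routing and outbound NAT.
            if nets[a].overlaps(nets[b]):
                findings.append(f"OVERLAP {a} {nets[a]} <-> {b} {nets[b]}")
    for name, pool in dhcp_ranges.items():
        for addr in pool:
            if ipaddress.ip_address(addr) not in nets[name]:
                findings.append(f"DHCP {name} {addr} outside {nets[name]}")
    return findings


if __name__ == "__main__":
    for label, wans in (("shared upstream", SHARED_WANS),
                        ("split upstream", SPLIT_WANS)):
        result = audit({**LANS, **wans}, DHCP_RANGES)
        print(label, "->", result or "no findings")
```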