Text only | Text with Images

OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: Blade3 on March 12, 2022, 08:03:17 PM

Title: Routing between interfaces
Post by: Blade3 on March 12, 2022, 08:03:17 PM
Hi guys,
I have setup OPNSense on vmware as my firewall/gateway, between two networks:

-LAN - 10.0.0.0/8
- DMZ - 192.168.0.0/24

This works fine, however, and this is probably easy and very fundamental. I want to route traffic from the DMZ to the LAN, for certain applications. For example, an app on the DMZ web servers needs to report back to a server in the LAN, ie a deployment server, etc.

How can I setup routing on OPNSense to fulfil this?
Title: Re: Routing between interfaces
Post by: Patrick M. Hausen on March 12, 2022, 08:46:06 PM
OPNsense does route between all interfaces by default. What you need is a firewall rule to permit the traffic to pass.
Title: Re: Routing between interfaces
Post by: Juergen001 on July 27, 2022, 09:16:23 PM
Hi,
as a OPNSense newbie,
can you post an example ?

my IF
LAN: 192.168.168.0
IPCam: 192.168.0.0

Now i want to access the IPCam Net from the LAN Net


regards,
Jürgen
Title: Re: Routing between interfaces
Post by: Patrick M. Hausen on July 27, 2022, 10:04:19 PM
Should be working already. The default installation has got an "allow all" rule for LAN. Devices on LAN can access everything including your camera network.

You need to set up DHCP for the camera network, otherwise the camera(s) probably won't get an address and a default gateway.
Title: Re: Routing between interfaces
Post by: Juergen001 on July 28, 2022, 11:44:15 AM
Hi,
the internal routing works, but I can't access the Internet.

my Configuration

Fritzbox: IP 192.168.1.1/24
OPNSense:
WAN Interface 192.168.1.2/24
LAN Interface 192.168.168.112/24  dhcp for clients ON
OPT1 Interface(IPCam) 192.168.0.1/24  dhcp for clients ON

Internal routing between LAN<-> OPT1 OK

Outgoing LAN -> WAN -> FB doesn't work

Settings:
Disable outbound NAT rule generation - (outbound NAT is disabled)

FIREWALL: RULES: WAN
Action Direction      Protocol   Source   Port   Destination   Port   Gateway   Schedule   Description       
Pass      in          IPv4       *      *      *         *      *      *         *   

SYSTEM: GATEWAYS: SINGLE
   Name   Interface   Protocol   Priority   Gateway   Monitor IP   RTT   RTTd   Loss   Status   Description   
      WAN_Gateway (active)   WAN   IPv4   20 (upstream)   192.168.1.1      ~   ~   ~   Online   Interface WAN_Gateway

Title: Re: Routing between interfaces
Post by: Patrick M. Hausen on July 28, 2022, 12:08:13 PM
If you disable outbound NAT your Fritzbox needs two static routes:

Network: 192.168.168.0
Netmask: 255.255.255.0
Gateway: 192.168.1.2

Network: 192.168.0.0
Netmask: 255.255.255.0
Gateway: 192.168.1.2

if you do not control your Fritzbox because it belongs to your provider or some such, you must NAT.
Title: [SOLVED] Routing between interfaces
Post by: Juergen001 on July 28, 2022, 01:58:52 PM
Hi,
thanks for the resolution. Now it works.

regards

Jürgen
Text only | Text with Images