OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: guest33474 on June 03, 2022, 08:17:12 AM

Title: Networking step by step (beginner level).
Post by: guest33474 on June 03, 2022, 08:17:12 AM
Hi. I would like to start my adventure with OPNsense and know more day by day. I decided to buy a Dell Wyse 5070 and make a firewall for study purposes.
The network at the moment looks like the picture below.
(https://i.ibb.co/283k7L1/Zrzut-ekranu-2022-06-3-o-08-02-00.png)
The ISP's router has the IP address 192.168.0.1. Then I run the internet through a powerline cable to my room where I want OPNsense to run: LAN 192.168.0.3, then a USB-Ethernet as WAN 192.168.1.1 to my router (OpenWrt): 192.168.1.2. From the router the internet is to go by cable to the computers.
The steps in the video above have been done:
https://www.youtube.com/watch?v=doFZiJrBnek
The steps from the link below have also been done:
https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/
but the Internet still does not work in the router (192.168.1.2).
Where am I making a mistake? What is wrong?
Tell me what to do step by step.
Greetings
Title: Re: Networking step by step (beginner level).
Post by: defaultuserfoo on June 03, 2022, 09:52:16 AM
Maybe start by using one router instead of many.

Start reading here: https://en.wikipedia.org/wiki/OSI_model
Title: Re: Networking step by step (beginner level).
Post by: guest33474 on June 03, 2022, 10:02:33 AM
What's wrong with separating the network? I've been working this way so far and it's fine, thanks to this the person I live with can't see my devices, additionally thanks to the router I can access these devices wirelessly.
Using one router in my opinion is not the answer to my opnsense configuration problem.
Title: Re: Networking step by step (beginner level).
Post by: lilsense on June 03, 2022, 03:57:05 PM
Based on your information, you are interchangeably using firewall/router as if they were the same. They are not.

So, based on the statement above, you have not provided sufficient information for me to help you.

One hint, I see triple NAT'ing...
Title: Re: Networking step by step (beginner level).
Post by: guest33474 on June 03, 2022, 04:34:10 PM
What information do I need to provide or what can I do to help?
Title: Re: Networking step by step (beginner level).
Post by: lilsense on June 03, 2022, 05:05:59 PM
WOW, where to begin...

How far can you ping? Or better yet, can you ping anything from anywhere... LOL
Title: Re: Networking step by step (beginner level).
Post by: defaultuserfoo on June 05, 2022, 12:17:45 PM
Quote from: guest33474 on June 03, 2022, 10:02:33 AM
What's wrong with separating the network? I've been working this way so far and it's fine, thanks to this the person I live with can't see my devices, additionally thanks to the router I can access these devices wirelessly.
Using one router in my opinion is not the answer to my opnsense configuration problem.

IIUC, you have started the adventure of learning some networking.  It would make sense to me to start with the least complicated network design, and once everything is working for a while, go for the next step.  The least complicated network design doesn't involve multiple routers/firewalls.

For learning networking, I found the documentation of the 5500 series switches from HP extremely useful.  If you can get one of these switches for a reasonable price, go ahead and get one.  Otherwise, you can probably as well start with a Procurve 2848 or the like and use their documentation.  HP has outstanding documentation for their stuff.

As to routers/firewalls, HP makes or made the MSR 1000 series, like the MSR 1002.  The documentation on those is also outstanding, and I can highly recommend it.  You can probably get a MSM 1002 for like 100 off ebay.  They are great for learning; the only disadvantage is they have a fan which can get rather annoying, though it's pretty quiet.  The switches are way louder.

I don't know what you mean by "separating the network".  Routers are not for separating networks but for connecting them :)  Of course you can have multiple routers within the same network, and when you know what you're doing, it can be useful.  In any case, each router makes a single point of failure, and routers tend to be crucial because when they don't work, the network(s) they connect tend to be disconnected, and that can very easily get expensive.
Title: Re: Networking step by step (beginner level).
Post by: m8kbv on June 06, 2022, 09:55:08 AM
Ok, change of concept:

(https://i.ibb.co/G5tJ06D/Zrzut-ekranu-2022-06-6-o-10-24-52.png)

We have a router from the ISP (192.168.0.1)
I want to connect a computer with OPNsense to it (configured to 192.168.0.2).
I connect usb-ethernet to it (configured to 192.168.0.3).
The usb-ethernet card is connected to a switch (which I bought THIS WEEK [Qnap QSW-2104-2t]).
What should I do (how should I configure opnsense) to use the built-in rj45 connector on my computer (labeled LAN in opnsense) to access the Internet on the switch with the usb-ethernet card (labeled WAN)?
Regards.
Title: Re: Networking step by step (beginner level).
Post by: phoenix on June 06, 2022, 11:04:01 AM
Quote from: m8kbv on June 06, 2022, 09:55:08 AM
Ok, change of concept:

First of all, you should not add your post to a similar thread; rather, you should have started a new thread.

As mentioned earlier in this thread, your configuration is not good. ;) What make/model of router do you have from your ISP, and who is your ISP? Can the router from your ISP do 'passthrough' (of your internet connection)? If you don't know, then do some research on the model.
Title: Re: Networking step by step (beginner level).
Post by: m8kbv on June 06, 2022, 11:28:04 AM
This is my thread, I created my account anew.
Compal ch7465lg-lc, ISP: UPC.
The router has the following functions disabled by the operator: nat, port and modem mode forwarding, passthrough. These options are not there, I know that in other configurations of this router they should be. The contract is not on me and I can't ask the operator to activate these functions.
Title: Re: Networking step by step (beginner level).
Post by: EdwinKM on June 06, 2022, 02:54:09 PM
Routing can only happen between different network segments, so do not use 192.168.0.2/24 and 192.168.0.3/24 on your OPNsense router. Rather, use 192.168.1.1/24 (for example) for the LAN part.

I think this is a nice starting guide: https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/
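The segment rule from the reply above, as an added example that is not part of the original thread: a small Python check that flags two router interfaces sharing a subnet and a WAN interface that cannot reach its upstream gateway. The addresses are the ones mentioned in the thread; the /24 masks for the first plan and the mapping of addresses to WAN/LAN are assumptions.

```python
import ipaddress

def check_plan(interfaces, upstream_gateway):
    """Return a list of addressing problems for a two-interface router.

    interfaces: {"WAN": "addr/prefix", "LAN": "addr/prefix"}
    upstream_gateway: address of the router the WAN side plugs into.
    """
    parsed = {name: ipaddress.ip_interface(a) for name, a in interfaces.items()}
    gateway = ipaddress.ip_address(upstream_gateway)
    problems = []

    # Two interfaces in the same (or nested) subnet: nothing to route between.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].network.overlaps(parsed[b].network):
                problems.append(f"{a} {parsed[a].network} overlaps {b} {parsed[b].network}")

    # The default gateway must be on-link from the WAN interface.
    wan = parsed["WAN"]
    if gateway not in wan.network:
        problems.append(f"gateway {gateway} is not inside WAN subnet {wan.network}")
    elif gateway == wan.ip:
        problems.append(f"WAN address {wan.ip} collides with the gateway")

    # An interface must not sit on the network or broadcast address.
    for name, iface in parsed.items():
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} address {iface.ip} is not a usable host address")
    return problems

# Constructed sample plans built from addresses quoted in the thread.
ISP_ROUTER = "192.168.0.1"
SAME_SEGMENT = {"WAN": "192.168.0.3/24", "LAN": "192.168.0.2/24"}
SEPARATE_SEGMENTS = {"WAN": "192.168.0.3/24", "LAN": "192.168.1.1/24"}
WAN_OFF_LINK = {"WAN": "192.168.1.1/24", "LAN": "192.168.0.3/24"}

if __name__ == "__main__":
    for label, plan in [("same segment", SAME_SEGMENT),
                        ("separate segments", SEPARATE_SEGMENTS),
                        ("WAN off-link", WAN_OFF_LINK)]:
        print(label, "->", check_plan(plan, ISP_ROUTER) or "ok")
```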
Title: Re: Networking step by step (beginner level).
Post by: m8kbv on June 06, 2022, 03:23:49 PM
192.168.0.3 is for wan opnsense, 192.168.1.1 is for wan.
I used this link but apparently I was doing something wrong, after work I will sit down to try the configuration again.
Title: Re: Networking step by step (beginner level).
Post by: defaultuserfoo on June 06, 2022, 04:22:49 PM
Get rid of the router provided by the ISP.  Get decent network cards for your computer and forget about USB.  Get a switch that can be managed; unmanaged ones are for special cases only and are of very limited use.

You can skip 2.5Gbit and better either stick with 100MB (which is plenty for learning and inexpensive) or 1GB (which is fine for anything but special cases).  Then if you really do need more bandwidth, go straight for 10Gbit.  (What's the point of 2.5?  If you have that much data to transfer and if your hardware is fast enough for it, then 2.5 is a bottleneck and you want 10Gbit.  2.5 is merely a bad joke.)

What exactly are you trying to accomplish?
Title: Re: Networking step by step (beginner level).
Post by: phoenix on June 06, 2022, 05:34:21 PM
Quote from: m8kbv on June 06, 2022, 11:28:04 AM
This is my thread, I created my account anew.
Compal ch7465lg-lc, ISP: UPC.
The router has the following functions disabled by the operator: nat, port and modem mode forwarding, passthrough. These options are not there, I know that in other configurations of this router they should be. The contract is not on me and I can't ask the operator to activate these functions.

I should have said 'bridge mode' earlier, I'm on PPPoE which uses passthru.

According to the support page for your ISP, all you need to do is contact them and ask for Bridge Mode to be activated, take a look at this page: https://www.upc.ch/en/support/internet/connect-box/settings/

That page does talk about a different modem but it's worth asking their support to do it for your specific modem.

Title: Re: Networking step by step (beginner level).
Post by: m8kbv on June 06, 2022, 06:30:54 PM
I know, but I don't have access to the person's internet credentials.
Title: Re: Networking step by step (beginner level).
Post by: EdwinKM on June 06, 2022, 06:40:56 PM
Quote from: defaultuserfoo on June 06, 2022, 04:22:49 PM
Get rid of the router provided by the ISP.  Get decent network cards for your computer and forget about USB.  Get a switch that can be managed; unmanaged ones are for special cases only and are of very limited use.

You can skip 2.5Gbit and better either stick with 100MB (which is plenty for learning and inexpensive) or 1GB (which is fine for anything but special cases).  Then if you really do need more bandwidth, go straight for 10Gbit.  (What's the point of 2.5?  If you have that much data to transfer and if your hardware is fast enough for it, then 2.5 is a bottleneck and you want 10Gbit.  2.5 is merely a bad joke.)

What exactly are you trying to accomplish?

Although you have some valid points, I think the topic starter first needs to address (learn) the problem. Basically you are saying: "throw everything in the bin. What are your needs and requirements?".

Sure, crappy (USB) NICs can cause problems, but is this the case? (I doubt it.) We do not know.

If the topic starter can't make this double NATted network work, how will a managed switch fix this?
Title: Re: Networking step by step (beginner level).
Post by: defaultuserfoo on June 06, 2022, 11:42:37 PM
I'm not suggesting that a managed switch should be used to fix issues.  I'm suggesting to use hardware (and software) which isn't likely to bring about issues by itself and which is useful for the purpose.  The OP has set out to learn about networking step by step, and to do that successfully, acquiring good hard- and software is one of the first steps.

And yes, I throw hard- and software that gives me issues in the bin.  There is no other way, for lots of reasons, unless your purpose is messing with that kind of hard- and software.

How useful is an unmanaged switch to learn networking step by step?  How useful is it to mess with USB things which may work or not, or maybe sometimes work, and which don't have anything to do with networking when the purpose is learning about networking?

You can do double-NAT just fine (NAT kinda doesn't get worse than it already is just because you do it multiple times), and doing it can be useful for learning.  Yet what do you do when it comes to IPv6?  I can only suggest not to learn networking without IPv6.  What do you do when you start setting up VPN connections between different sites?  Having a router and firewall getting in your way isn't helpful for that.  And what if you want to make your web server accessible from the internet when you have a firewall/router in the way which blocks access?  What if you want to run your own email and/or XMPP server?

But maybe that's not what the OP wants, hence my question what exactly they are trying to accomplish.