I have my OPNSense PC connected to a Motorola modem. The modem uses 192.168.100.1 for the web interface. From my LAN I cannot reach it in a web browser despite the fact that I have an any/any rule set up for the LAN. The weird thing is that I can reach it from other VLANs on another physical NIC without issue. To make things even stranger, I can ping it from the LAN, I just can't open it in the browser. Is there any logical explanation for this?
Assuming your modem is connected to your WAN. You might need to assign a Virtual IP to your WAN within the same subnet as your modem, eg: 192.168.100.2/30
Thanks, I tried that just now, but it didn't seem to change anything. I can ping the modem, but can't get to the web console from the LAN. The VLANs on my WiFi interface can reach it no problem.
What IP address range does your LAN use?
192.168.6.0/24
You probably need to NAT that to the 192.168.100.2 address when accessing 192.168.100.1.
Can anyone tell me how to create the NAT rule to make this work?
I have confirmed that just adding a virtual IP to the WAN interface as suggested does not fix the issue. I can access the web interface of my modem from any other interfaces, but not from my LAN.
I have a bunch of VLANs on my WiFi interface, and so from my cell phone on the WiFi I can get into the modem webUI.
The annoying thing is that I can still PING the modem from my LAN, it just won't let me into the web console.
If ping is working but web is not ... and web is working from other VLANs, then there is nothing fundamental going wrong but some tiny thing is misconfigured.
So to help you we will need all relevant configuration, meaning
- all interfaces - WAN, virtual IP, LAN, one of the interfaces that is working
- all firewall rules - WAN, LAN, one of the interfaces that is working
- all NAT rules - WAN, LAN, one of the interfaces that is working
Rest assured that IP addresses by themselves are not security relevant information. Nobody cares about your private addresses, so please post them verbatim.
If you want to obfuscate your external IP addresses, go ahead.
Kind regards,
Patrick
Is there a way to export this information or do I just need to manually type everything out?
Screenshots of your OPNsense UI?