Hello,
I'm trying to set up a second LAN on my router and I can't get passed the DHCP part and since I'm a noob at this maybe DHCP isn't the last of the process to get the second LAN working. So I'm here looking for help.
LAN1 is set to 192.168.1.50
LAN2 is set to 192.168.1.51
What I'm intending to do is use my LAN1 to connect to my switch for all my wired connections and LAN2 to be connected to my WIFI extender, this way I monitor how much bandwidth is being used by wired and wireless devices separately.
LAN1 has its DHCP set up and I used a YouTube tutorial to get through that (https://youtu.be/_IzyJTcnPu8)
For LAN2 I haven't found a tutorial of any kind that has worked for me, last night while I tried to figure this out it just broke my brain.
I believe that Firewall rules are also needed to allow internet access to LAN2 based on Google searches, that too I cannot figure out.
Any help would be appreciated.
P.S. Not sure if it matters but to point it out the computer I'm using is a laptop and I'm using USB to Ethernet adapters for Ethernet ports.
Theres two choices, you either create a new subnet, so for example
- LAN1 is set to 192.168.1.50/24
- LAN2 is set to 192.168.2.50/24 (You need to create firewall rules on the new interface)
Or you create a transparent bridge between LAN 1 and LAN 2, and the Bridge Interface gets the IP 192.168.1.50.
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
(Would not recommend the bridge with usb lan though)
Okay, thanks for the information and how exactly would the new firewall rules look like?
When I go to the firewall rules to DHCP there is a message in Available range that reads "No available address range for configured interface subnet size." I put the Subnet as suggested 192.168.2.50.
You could also choose 192.168.2.1/24 as your interface, then it would work right away. And for the firewall rules, just go in Firewall: Rules: Lan and clone the rules there, just change the interface to LAN 2 and save/apply.
Interesting
So I went with 192.168.2.50 and I cloned the rules as you suggested, my phone is getting a connection to my WIFI BUT when trying to load anything on the internet on my phone nothing will actually load. What am I missing?
Maybe you are missing an Outbound NAT rule.
Perhaps I am. The generation is set to automatic and not trying to pretend like I know what I'm doing just logically it seems I have 2 options
1) switch to hybrid NAT rule generation to keep the automated generation going to keep all my current settings and then manually add an outgoing rule for LAN2, I guess??
2) If Port Forwarding is as it sounds to me then I could port LAN2 to the WAN port... if that is correct it sounds easier but also slower than the first option.
If its on automatic then it should create the outbound nat rules automatically. Did you put a dns server into your DHCP server (e.g. 8.8.8.8 for google dns)? And is the gateway in the dhcp server 192.168.2.50?
It was on automatic I switched it to Hybrid and then I fiddled with an outbound rule to no avail. My phone indicates that my WIFI is connected without internet. About a minute ago I deleted the outbound rule I made since it wasn't helping any way. I use 1.1.1.1 and 8.8.8.8 for global DNS.
Including a screenshot for the DHCP of my LAN2
Based on what I'm seeing here, LAN2 is able to receive but not able to send out so I guess that means an outbound rule is needed?
Please go to Firewall: Diagnostics: Statistics: rules and expand "nat rules" and post all rules that have "nat" as description.
Then go to Firewall: Rules: LAN2 and make a screenshot of the rule you created and post it here.
Here you go :D
Change the source in both firewall rules to "LAN2 net"
Eh, that worked, I don't really get why or how haha but it worked. Thank you so much. :)
Good, happy it worked for you.
And if you want to know why it did, its a firewall. All connections need a rule that allow that connection.
Prior to the adjustment, the rule allowed all incoming traffic on the interface LAN2 that had the network LAN1 net as source. But since your phone had LAN2 net as source the traffic was blocked.
Now its allowed.
Yeah that makes sense, as you can tell I'm very new to this.