Hello,
I'm a bit stuck here, maybe someone can help me.
My problem is as follows: my Fritz!Box 6850 LTE uses a 192.168.178.0/24 network.
I have assigned a 10.0.0.0/15 network to Opensense.
Now, I can access the GUI of the Fritz!Box and ping it. However, I can't access the internet (for example, I can't ping google.de/1.1.1.1 doesn't work either).
I had tried this a few weeks ago and had the same problem,
I then read that one should set up a route in the Fritz!Box for the Opensense machine, but unfortunately, that didn't help either.
I would really appreciate your help.
Greetings,
Chris
Hi,
you're using the LAN of your fritzbox - which doesn't understand more than 1 LAN, except for guest - as a transfer network. That means, you need to configure WAN of OPNSense to be part of Fritzbox LAN, usually DHCPv4 or static IP config with default gateway = your fritz box' IP .
IPv6 would require you to configure fritzbox to offer prefix delegation in DHCPv6.
Well those FRITZBOX! "issues".
Usually how you want to do this is to set the Telco modem into Bridge mode. Basicaly to let Modem handle just the "wanny modulation" but anything from L3 let to OPN handle it.
Problem is as I learned some FRITZBOXEs! dont have the option to set them into bridge mode. And basicaly you are left with only one option on IPv4 which is double NAT. Where OPNsense does NAT its LAN IPs to the IP of FRITZBOX subnet and FRITZBOX is NATing that IP to its TElco assigned public IP.
INTERNET---(TELCO assigned PUBLIC IP)----FRITZ (.1)----(192.168.178.0/24)----(.2) OPNSense----10.0.0.0/15-- LAN
--------------------NAT 192.168.178.0/24 > TELCO------------ NAT 10.0.0.0/15 > 192.168.178.0/24--------------------
https://forum.opnsense.org/index.php?topic=35668.0
https://forum.opnsense.org/index.php?topic=35444.0
Double NAT is not a good thing even more so close to the source.
Regards,
S.
Yes, fully agree. Another reason to go with IPv6.
Quote from: Seimus on November 30, 2023, 09:45:17 AM
And basicaly you are left with only one option on IPv4 which is double NAT.
Well, Fritzboxen are not
that crappy. You can also disable NAT on OPNsense completely and set a static route for the LAN network of OPNsense in your Fritzbox. As far as I know all models supports static routes. There are far worse "plastic routers" that cannot do even that.
Kind regards,
Patrick
Quote from: Patrick M. Hausen on November 30, 2023, 11:19:18 AM
Quote from: Seimus on November 30, 2023, 09:45:17 AM
And basicaly you are left with only one option on IPv4 which is double NAT.
Well, Fritzboxen are not that crappy. You can also disable NAT on OPNsense completely and set a static route for the LAN network of OPNsense in your Fritzbox. As far as I know all models supports static routes. There are far worse "plastic routers" that cannot do even that.
Kind regards,
Patrick
Not saying they are crappy :). I did had in the past those "plastic routers" so the pain is very well known in my case. I usual buy my own "router" or "modems" that I can manage and configure, as often the provided ones from ISPs are garbage in my country viz O2, the modems they are providing here are just pain... My experience with pro ISP devices are very very very bad.
When I have to deal with xDSL, I can do what I can to have the modem in bridge and L3 handle by a proper Router or in this case OPN. Thankfully now I have a ISP that is capable to deliver IPoE and is not arguing that I can not have my own managed device.
Regards,
S.
You should be able to put your Fritzbox into 'bridge mode', check the instructions on this page:
https://www.edpnet.be/en/support/installation-and-usage/internet/manage-fritz!box/how-do-i-configure-my-fritzbox-in-bridge-mode.html
Although it's for a different model it should also work on your 6850, try it and see if it works for you. You'll then be able to point the Fritzbox to an 'exposed host' which would be the WAN port on your OPNsense firewall.
I suppose my question would be, why are you using a Fritzbox for the connection can't you connect your OPNsense server WAN port directly to your internet connection?
Okay,
I will have a look around. And let you all know if there are any Updates.
Okay, it seams like that my Fritz!Box dos't not suport Bridge mode, for what ever reson. I also saw in a Viedeo that you need at least 2 Public IPs, becuase the WAN Port always takes one regadless.
I for now asume that I can't avoid the double NAT. And unless somebody has a new sugestion for me, this is where I give up.
Maybe someday when (if, this is still Germany) I get Fiber.
You can use a static route instead of double NAT ...
I do have a static rount to and from the Fritz!Box...
Ok, I fixed it. I just forgot to add a 0.0.0.0/0 route from the Opnsense to the Fritz!Box. And that fixed it.