Good morning,
This question has probably been asked before but I haven't found the answer yet.
Here is the network architecture:
Internet <> Router <> LAN(192.168.129.X/23) <> Proxmox(192.168.129.254) <> OPNsense(192.168.129.64) <> VLAN10(192.168.129.10.X)
The LAN connection becomes the WAN connection for OPNsense. A ping from VLAN10 to the WAN works.
The OPNsense LAN connection is only used for OPNsense management.
The OPT1 interface manages the VLAN10 interface.
How to connect from WAN to VLAN10?
THANKS.
1. Allow traffic from WAN (=LAN of your router) IP range to VLAN10 IPrange on OPNSense
2. Alternative 1: Define routes on every LAN host that wants to connect to VLAN 10 to route the traffic towards OPNsense
2. Alternative 2: Define a route from your router to OPNSense. However, in many cases you will encounter strange behaviour so setting up a transfer network from your router to OPNSense would make sense. Don't know if you can do that on your router.
BTW: I guessed your VLAN10 has IP range 192.168.10.X - without the 129
Whenever you have mutliple routers you need to think about routes in addition to firewall routes.
It is always the same story:
Are there routes in place in and out and does the firewall enable the Traffic in the correct direction?
In your case: does the ISP Router know the Route to your VLAN10? Probably not.
If you cannot set a route there, you likely need NAT and port forwarding. Keep in mind that from the real WAN, this is a double NAT setup.
Hello,
1.
IPV4* -> WAN net * VLAN10 net * * *
IPV4* -> WAN net * This Firewall(192.168.129.69) * * *
2. for the creation of routes, I am blocked by an error
On debian 12
ip route add 192.168.10.0/24 via 192.168.169.69 dev ens18
==> Error: Nexthop has invalid gateway
IP client : ens18 : 192.168.129.73/23
opnsense interfaces : VLAN10 : 192.168.10.254/24 - WAN : 192.168.129.69/23
On ubuntu server :
192.168.10.0/24 via 192.168.129.69 dev ens18
but ping fails
On Debian 12: Try using the correct IP address of the router. Hint: It has to be in the same subnet.
Note: Configuring every host individually is quite work intensive and error-prone.
Check if OPNSense receives icmp messages for the target and if yes, sends them back - and where. Therefore you need to run a packet capture. If something is missing also check the firewall's live view.
And always make sure there is no NAT or any misconfigured route on OPNsense, too.
I would really recommend using a transfer network and set up a route in your other router.
:D Wonderfull it works !
I have another question :
I have a torrent client on a vlan10 machine. If I receive the data perfectly, I cannot send any.
I tried ssh -R from the port to a WAN machine (129.X) and did port forwarding from my ISP's modem to that machine. without success.
I've activated the DMZ zone opensense
I'd like to quote
meyergru from a post earlier:
QuoteAre there routes in place in and out and does the firewall enable the Traffic in the correct direction?