Hello,
Not sure this is the right sub to post this
I have a HUNSN RS39, with 4x i225 and no matter what I do,
I can't seem to be able to get the LAN2 (OPT1) and LAN3 (OPT2)
FW is basically the exact copy from LAN1, which works just fine
Any idea? What could I have done wrong, or what "obvious" am I missing?
I have no VLAN set, I didn't create any FW rule except the copy-paste from those of LAN1 which is running just fine (no other rules than the automatic ones)
LAN1 = 192.168.101.101/24 (for Switch1)
LAN2 = 192.168.102.101/24 (For cisco router WiFi)
LAN3 = 192.168.103.101/24 (for Switch2)
When I plug Laptop2 in LAN1, all internet traffic and access to GUI
When I plug Laptop2 in LAN2 or LAN3, no GUI access and no Internet
Is there an automatic "set up extract to list on forum" in OPNsense ?
Did you add firewall rules for the new interfaces? Because if you did not you end up with "deny all". Easiest way is to clone and adapt the LAN rule(s).
Quote from: Patrick M. Hausen on September 22, 2024, 06:18:46 PM
Did you add firewall rules for the new interfaces? Because if you did not you end up with "deny all". Easiest way is to clone and adapt the LAN rule(s).
Hi Patrick,
Thank you for interacting in my post
As I said earlier, I've added the same FW rules as for LAN1, which works fine
Those are the only FW rules I've added to both LAN2 and LAN3
That's why I don't understand why they don't "work" :/
1. Could you please post the firewall rules for one of the interfaces?
2. Did you also enable and configure the DHCP server? This also does not happen automatically.
Quote from: Patrick M. Hausen on September 23, 2024, 01:52:51 AM
1. Could you please post the firewall rules for one of the interfaces?
Sure thing! They are basically the standard created ones from LAN1, copy-pasted to LAN2 and LAN3 (only change is the Interface and source)
Current rules are "allow any traffic"
Quote from: Patrick M. Hausen on September 23, 2024, 01:52:51 AM
2. Did you also enable and configure the DHCP server? This also does not happen automatically.
Bingo !!
DHCP server was not set for LAN2 and LAN3 ....
I'm now connected through LAN2 (LAN1 and LAN3 are unplugged) but I still have LAN1 IP address ... I don't understand how that is possible?
LAN1 192.168.101.101/24 DHCP 192.168.101.102-192.168.101.120
LAN2 192.168.102.101/24 DHCP 192.168.102.102-192.168.102.120
LAN1 192.168.103.101/24 DHCP 192.168.103.102-192.168.103.120
Laptop2 connected to LAN2 but gets an IP 192.168.101.102? Is there some kind of cross-over or bridge? (none set, at least none intentionally set)
Could you post the output of "ifconfig" enclosed in code tags, please? "Code" is the hash mark (#) in the format bar.
Quote from: Patrick M. Hausen on September 23, 2024, 01:08:20 PM
Could you post the output of "ifconfig" enclosed in code tags, please? "Code" is the hash mark (#) in the format bar.
Sure ! I'll do it right after my meeting
If I'm not mistaken, ifconfig must be called in command line, right ? so I would need to use the shell and not the GUI, right ?
Right. Please copy the text output, not an image ;)
root@RS39:~ # ifconfig
igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: MoDem_ETH1_icg0_black_Cat8 (wan)
options=49420b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO,NETMAP,HWSTATS,MEXTPG>
ether 60:be:b4:02:f9:18
inet 192.168.212.222 netmask 0xffffff00 broadcast 192.168.212.255
inet6 fe80::62be:b4ff:fe02:f938%igc0 prefixlen 64 scopeid 0x1
inet6 fdfe:9224:460a:0:62be:b4ff:fe02:f938 prefixlen 64 autoconf pltime 3600 vltime 7200
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Switch1_ETH2_igc1_green_Cat7 (lan)
options=49420b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO,NETMAP,HWSTATS,MEXTPG>
ether 60:be:b4:02:f9:19
inet 192.168.101.101 netmask 0xffffff00 broadcast 192.168.101.255
inet6 fe80::62be:b4ff:fe02:f939%igc1 prefixlen 64 scopeid 0x2
media: Ethernet autoselect
status: no carrier
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igc2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: Cisco6co_ETH3_igc2_blue_Cat7 (opt1)
options=49420b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO,NETMAP,HWSTATS,MEXTPG>
ether 60:be:b4:02:f9:1a
inet 192.168.102.101 netmask 0xffffff00 broadcast 192.168.102.255
inet6 fe80::62be:b4ff:fe02:f93a%igc2 prefixlen 64 scopeid 0x3
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igc3: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: Switch2_ETH4_igc3_white_Cat7 (opt2)
options=49420b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO,NETMAP,HWSTATS,MEXTPG>
ether 60:be:b4:02:f9:1b
inet 192.168.103.101 netmask 0xffffff00 broadcast 192.168.103.255
inet6 fe80::62be:b4ff:fe02:f93b%igc3 prefixlen 64 scopeid 0x4
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0 metric 0 mtu 1536
options=0
groups: enc
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33152
options=0
groups: pflog
pfsync0: flags=0 metric 0 mtu 1500
options=0
maxupd: 128 defer: off version: 1400
syncok: 1
groups: pfsync
NB: Laptop2 is now receiving the "right" IP in the LAN2 DHCP range, I guess it was just a matter of refresh too slow or some?
Possibly. I can only confirm there is no bridge anywhere to be seen. :)
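The check done by eye on the ifconfig output above can be scripted. This is an added example, not part of the original thread: the function names `parse_ifconfig` and `diagnose` and the embedded sample are assumptions made for illustration. It reads FreeBSD-style ifconfig text, works out each interface's subnet from the hex netmask, and reports whether a client address seen on one port belongs there, comes from another port's subnet through a bridge, or comes from another subnet with no bridge present.

```python
import ipaddress
import re

# Constructed sample in the shape of FreeBSD ifconfig output (not the poster's).
SAMPLE = """\
igc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.101.101 netmask 0xffffff00 broadcast 192.168.101.255
    status: no carrier
igc2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    inet 192.168.102.101 netmask 0xffffff00 broadcast 192.168.102.255
    status: active
"""

def parse_ifconfig(text):
    """Map interface name -> {'net': IPv4Network or None, 'status', 'members'}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\w+): flags=", line)
        if head:
            cur = ifaces.setdefault(head.group(1), {"net": None, "status": "", "members": []})
            continue
        fields = line.split()
        if cur is None or not fields:
            continue
        if fields[0] == "inet" and len(fields) >= 4 and fields[2] == "netmask":
            mask = ipaddress.IPv4Address(int(fields[3], 16))  # FreeBSD prints hex masks
            cur["net"] = ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False)
        elif fields[0] == "status:":
            cur["status"] = " ".join(fields[1:])
        elif fields[0] == "member:" and len(fields) > 1:
            cur["members"].append(fields[1])  # only present on bridge interfaces
    return ifaces

def diagnose(ifaces, port, client_ip):
    """Classify the address a client holds while plugged into `port`."""
    ip = ipaddress.ip_address(client_ip)
    net = ifaces[port]["net"]
    if net is not None and ip in net:
        return "ok"
    # Which other interface owns that subnet, and does a bridge join the two ports?
    owner = next((n for n, i in ifaces.items()
                  if i["net"] is not None and ip in i["net"]), None)
    if owner is None:
        return "foreign address"
    bridged = any({port, owner} <= set(i["members"]) for i in ifaces.values())
    return f"bridged with {owner}" if bridged else f"no bridge, address from {owner} subnet"

if __name__ == "__main__":
    print(diagnose(parse_ifconfig(SAMPLE), "igc2", "192.168.101.102"))
```

A "no bridge" result means the firewall is not joining the two segments, so the cause lies on the client side, which is consistent with the laptop later picking up an address in the LAN2 range.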