Hi All,
I currently have 2 PC's and my unraid server connected to the three LAN ports of my mini pc as I don't yet own a switch (but I've ordered one).
In the meantime, if I want to be able to access the unraid server web GUI on one of those PC's do I need to use a bridge or can I just create firewall rules to allow communication?
I've tried creating firewall rules but have been unable to access the web GUI. I'm not sure if that's because it's not possible or because I've set up the rules incorrectly. If I can do it with rules, can you advise how I should set it up please?
Thanks,
P195
I recommend creating a LAN bridge over your three ports. Just follow the official documentation.
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
Don't forget step six!
Thanks for the recommendation, I'll give it a try this evening.
So I've created the bridge as per the docs, and have internet access on my PC's.
I've booted the unraid server (non gui mode) and entered my username and password and it's now sat at root@tower:~#
According to the unraid quick install guide (https://docs.unraid.net/unraid-os/getting-started/quick-install-guide/#setting-up-the-unraid-os (https://docs.unraid.net/unraid-os/getting-started/quick-install-guide/#setting-up-the-unraid-os)) it states:
QuoteConnecting to the Unraid WebGUI
There are two methods to connect to the WebGUI in Unraid, and you can always:
Boot Unraid in GUI mode and login (username is root, no password by default).
Open a web browser from your Mac or PC and navigate to http://tower.local
When entering http://tower.local in my browser I cant reach the GUI. Is that because I need to do some additional configuration in OPNsense (rules?) to allow the PC's to access the unraid GUI or should I be able to connect directly now that I've configured the bridge?
Thanks
If you followed the documentation to create the bridge, your three LAN ports are now (sort of) a switch. And a single interface from OPNsense's point of view. You have the assignment (Interfaces > Assignments) of "LAN" on the bridge interface now, right? And you did set the two tunables from step 6 in the docs and rebooted your OPNsense?
If the answer to all of this is "yes", than again your three ports are now a "switch" and there is nothing involved on the part of OPNsense for a device on one port to communicate with a device on another port.
You will have to take this to the UnRAID community or someone knowledgable with that particular product. I am not.
Kind regards,
Patrick
Does tower.local resolve to an IP? If it doesn't, that's a mDNS issue.
You can try to solve that (first thing to check is that OPN is not in a .local domain itself) OR find the IP (for example from DHCP leases) and access by IP.
Thanks guys, yes that's right I have the LAN (igc1) assigned to the bridge interface. I set the tunables and rebooted as per the guide.
When going to Services > ISC DHCPv4 > Leases I see:
(https://i.postimg.cc/ZYMYqYJz/leases.jpg)
So I tried entering 192.168.49.110 into the browser but that didn't resolve.
Sorry, how do I find out if tower.local resolves to an IP, and check that OPN is not on a .local domain ?
Quote from: P195 on November 02, 2024, 10:02:59 PM
Thanks guys, yes that's right I have the LAN (igc1) assigned to the bridge interface. I set the tunables and rebooted as per the guide.
You cannot have the LAN assigned to igc1 and the bridge interface. It's either-or. It must be assigned to the bridge interface
not igc1.
Please show your Interfaces > Assignments screen.
Is W11 your LAN? It's the only one that shows up under DHCP.
And once you sort out the bridge, I would expect your other 2 PCs to show up in that list (unless you have static IP configured properly).
The hostname is promising. mDNS might actually work fine once your basic setup is correct.
The OPNsense domain is in System > Settings > General -> Domain. It's also displayed at the top of the screen (root@OPNsense.<domain>).
Sorry, my mistake. I was wrong in what I said.
What I should have said was what used to be igc1 is now bridge0 (W11), and igc1 is now assigned to opt3:
(https://i.postimg.cc/0jS933rH/interfaces.jpg)
I've set up my own hostname and domain name under System > Setings > General so no, I believe that means it's not on a .local domain.
QuoteIs W11 your LAN? It's the only one that shows up under DHCP.
Correct.
Quoteonce you sort out the bridge, I would expect your other 2 PCs to show up in that list (unless you have static IP configured properly).
So unraid and mint should both have entries under Services > ISC DHCPv4 after setting up the bridge?
note: I had to disable the existing DHCP entries for unraid and mint in order to to change the interface IPv4 Configuration Type to none as mentioned in the guide (I got a red banner saying I couldn't change it until DHCP was disabled). Those entries then disappeared from the ISC DHCPv4 list.
If you followed the instructions in order, the static IP settings of W11 (your LAN) and DHCP settings for W11 should have been left untouched in step 3...
BTW, the assignments are the other way around: OPT3 assigned to igc1.
And you might want to change your interface names at some point (note that the instructions had you unplug/replug a cable in step 3, so your naming convention might no longer work).
In the final state, OPTx should have no IP configs (none, none), W11 is assigned to bridge 0 (your LAN bridge acting as a switch, encompassing the 3 OPTx). W11 should have a static IP (default 192.168.1.1) and DHCP should dish IPs for that subnet.
Once that's setup properly, any device connected to either ports should be able to get IPs assigned via DHCP and be able to communicate between each other. mDNS might even work.
QuoteIf you followed the instructions in order, the static IP settings of W11 (your LAN) and DHCP settings for W11 should have been left untouched
That's correct, no changes were made to these as I followed the guide precisely.
Quote
In the final state, OPTx should have no IP configs (none, none), W11 is assigned to bridge 0 (your LAN bridge acting as a switch, encompassing the 3 OPTx).
Yes I have no IP configs set for any of the OPT 1,2 or 3. W11 is now assigned as Bridge 0. The bridge contains member interfaces OPT 1,2 & 3.
QuoteW11 should have a static IP (default 192.168.1.1) and DHCP should dish IPs for that subnet.
Correct except I've changed mine to 192.168.49.1
Unfortunately though, I'm still unable to reach http://tower.local or the IP lease for the server of 192.168.49.110
So I've gone through the whole guide again from scratch and followed to the letter.
Interfaces end up as:
[WAN] WAN igc0
[LAN Bridge] LAN Bridge0
[Win11] OPT3 igc1
[Unraid] OPT1 igc2
[Mint] OPT2 igc3
Restarted all devices. Plugged in WAN cable to igc0, W11 to igc1, unraid server to igc2, left mint disconnected.
Once at console I see:
LAN Bridge (bridge0) -> v4: 192.168.49.1
Mint (igc3) ->
Unraid (igc2) ->
WAN (igc0) -> v4/DHCP4: 192.168.1.207/24
I noticed W11 is not on that list, is that expected? On the W11 PC, there is no network access. Properties of adapter are set to "obtain an IP address automatically".
You need to assign "W11" to bridge0 in Interfaces > Assignments.
I changed my naming from before. My LAN is now set to Bridge0 (now named LAN Bridge). The new assignment (igc3 - the one that was unassigned after step 3) is OPT3 (now named W11).
I don't get it. Your IP address assignment, DHCP configuration, and firewall rules must be applied to the interface name that is assigned to bridge0. There must be no configuration whatsoever on the member interfaces. And then with the two tunables in place it should "just work".
@P195, maybe you missed a save or an apply somewhere...
Any of the interfaces that should be connected to the bridge should get you physical connectivity.
If the managing PC is connected to any of these interfaces, you should see network activity (blinking ports).
If you don't see any lights, I suspect that the corresponding interface/device is not enabled.
With blinking lights, if you don't get an IP automatically, set a static one on the PC in 49 range.
Get back in OPN GUI:
In assignments, I suspect you have an unassigned igc1 device.
Assign W11 to it and make sure it's included in the bridge.
Also, ISC DHCP should still have a section for the LAN interface for that 49 network.
Actually, the state you describe at the end of reply #13 is very consistent with the expected state after Step 3 of the guide.
During step 3, connectivity is lost because the original LAN device is now orphaned.
That's why there's this in the guide:
At this point you will need to swap your LAN cable from the existing LAN connection to one of the NICs that were added to the bridge interface, once connected then you must wait, it can take some time for the interface to come back up but keep refreshing the web interface until it does.
Double-check the state of everything from step 4 forward.
At the end of the guide, you can swap back to that original NIC if you'd like.
Ok I've got it to work now.
I'm sure I followed all the same steps as before, but I obviously missed something. I think it was possibly because I forgot to enable the igc1 assignment as you suggested.
In the console I now see:
LAN Bridge (bridge0) -> v4: 192.168.49.1
Mint (igc3) ->
Unraid (igc2) ->
W11 (igc1) ->
WAN (igc0) -> v4/DHCP4: 192.168.1.207/24
Also In Services > ISC DHCP > leases I see three leases for W11 / Mint / Unraid.
When typing http://tower.local in the address bar as suggested in the unraid documentation it wont resolve, but if I type the DHCP lease IP address in the address bar it does.
So it looks the bridge is now working as expected.
I got there in the end and I appreciate your support!
I've got a switch coming in the next week or so, so this will probably be irrelevant and I expect I'll have new challenges getting that configuration working too! Nevertheless, it's all good exposure and learning. At least now I can have a play with the Unraid GUI.
P195
yeah!
A switch, especially unmanaged, is very simple. It just allows you to expand your physical network.
One port goes to OPN, and I'd suggest plugging all 3 devices directly into the switch, leaving OPN out of the loop for most intranet traffic... They will keep their IP addresses.