OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: XOIIO on January 25, 2019, 05:07:36 am

Title: Connect single internal IP to second External IP provided by isp?
Post by: XOIIO on January 25, 2019, 05:07:36 am
Hey everyone, so this is probably going to be a bit confusing, hopefully not too much so, and hopefully I can explain what I'm trying to do.

So, for starters to "set the scene", my ISP provides on a vlan, for static IP addresses, it's vlan 3000.

My OPNsense box only has two Ethernet ports, and I've gotten it set up and working for a while now without any issues, with one going to the optical network terminal and the other to a 48 port managed switch.

What I want to do now however, is move a web server onto a second static IP that my ISP has assigned, so that I can keep my personal stuff on its own external IP, and monitor traffic for the web server individually.

Now, poking around in the wan interface, it looks like I might be able to add another upstream gateway on the ipv4 field, not sure if that's correct or it will work, so looking for clarification on that.

I'm also then wondering how I go about only selecting a single internal IP address to use this second gateway. Considering I only have two ethernet ports on my opnsense box, and the machine I want to use the second gateway is a virtual machine, setting specific interfaces to be their own vlan or isolate them completely isn't going to be an option, so I'm a little lost on how I can get this going, and hopefully someone can provide a link to a tutorial or something like that to show how it's done.

Thanks.
Title: Re: Connect single internal IP to second External IP provided by isp?
Post by: bartjsmit on January 25, 2019, 08:19:56 am
Is your entire public IP range on the 3000 VLAN?

If so, just put in a 1:1 NAT for the second IP.

Bart...
Title: Re: Connect single internal IP to second External IP provided by isp?
Post by: XOIIO on January 25, 2019, 04:14:50 pm
Ah, do I just need to specify single host or address?

All my other rules for port forwarding are set to any wan address, so going to my first one which shows up as one of the interfaces, I'm also hoping to essentially have it show as "WAN2" or whatever I would label it on the main page, I figure I'd have to manually configure it as a second gateway.

I did just find that setting under system however, seems sleep helped, so I'll set that up and hopefully everything uses the first WAN and the second will not be used automatically by mistake. It is set to default so hopefully numbering the second one won't cause it to be higher priority due to the number in the name.

edit: alright, I have that up and switching the server from any wan address to the external one works with NAT reflection but not from outside the local network, probably because specifying a single host or network means that it will only accept connections from a specific external IP, like if I only wanted access to something from work or something like that. Getting close though.

I just need a way to have "wan2 address" as an option really.
Title: Re: Connect single internal IP to second External IP provided by isp?
Post by: XOIIO on February 05, 2019, 02:09:02 am
Well, I've been poking at this on and off and trying different things but no matter what I try with either 1:1 or outbound NAT I just can't get it to work, ugh.
Title: Re: Connect single internal IP to second External IP provided by isp?
Post by: XOIIO on February 05, 2019, 04:24:20 pm
Alright so I watched some pfSense stuff and it looks like the virtual IP section is what I want, and if I set port forwarding to my second static IP for this one machine, like this, I can access it from the web.

The problem is that it kills everything else on my network, I can load google, but basically no other webpages. Once I put it back to "wan address" and reboot everything is normal.

(https://i.imgur.com/ZMSOjfN.jpg)
(https://i.imgur.com/tTuBspa.jpg)
Title: Re: Connect single internal IP to second External IP provided by isp?
Post by: XOIIO on February 05, 2019, 10:16:43 pm
So it looks like adding the virtual IP at all is what's killing my internet, not the rule.

In my lan and wan firewall rules, I have them set to * for the most part, so I'm wondering, do I need to specify the first static IP for this to work instead of relying on it just being the default? Is that what's killing my internet when I add a virtual IP?

(https://i.imgur.com/Tcle7Le.jpg)
(https://i.imgur.com/cyjPk2c.jpg)