OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: essdeeay on October 17, 2015, 11:41:40 am

Title: WAN gateway on different network
Post by: essdeeay on October 17, 2015, 11:41:40 am
I've just started using a dedicated server from OVH with ESXi, with an additional IP address. The additional IP address is assigned by OVH, and they also give a MAC address, which I have to set on the virtual machine running OPNsense (all of which is fine). However, the gateway you have to use for this additional IP address *must* be the gateway of the network that the ESX host itself is sitting on. They explain it here: http://help.ovh.co.uk/BridgeClient

OPNsense doesn't allow a gateway which is not on the WAN subnet, so to make it work I added the following routing commands in /usr/local/etc/rc, immediately before the 'exit 0' at the end.

Code:
route add -net 12.34.56.78 -iface vmx1
route add default 12.34.56.78

This now allows the OPNsense machine to access the Internet etc. However, a client on the LAN side of OPNsense cannot. Using tcpdump I can see the ping packets from the LAN client hitting the WAN interface of OPNsense, but nothing after that.

Is there anything I can do to get this situation working?

Many thanks,
Steve

Title: Re: WAN gateway on different network
Post by: lucifercipher on October 20, 2015, 10:48:31 am
Hello,

The easiest way to do and check it is to add a static route from the "System" tab. Then you can create a firewall rule for the Virtual IP created and test access from the outside through the OPNsense VMachine. Now it happens that private networks are blocked, so you need to disable the "block private networks" option for testing purposes. Just a suggestion. I hope it helps.

Title: Re: WAN gateway on different network
Post by: essdeeay on October 20, 2015, 12:53:42 pm
Thanks for the reply lucifercipher,

I did try with various static routes with no success. However, the easiest solution in the end was to set up a basic Debian/Ubuntu box (which does allow non-reachable gateways, but only post-installation) to act as a NAT point and blindly forward traffic both ways. Then attached to this is OPNsense as usual.
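
An added example, not part of any post in this thread: one way the Debian/Ubuntu NAT hop described above could be configured with iproute2 and iptables, using the same on-link host route idea as the FreeBSD commands in the first post. The interface names are assumptions, 12.34.56.78 is the placeholder gateway from the first post, and the forwarding rules are stateful (inside-initiated traffic only) rather than forwarding blindly.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions;
# 12.34.56.78 is the placeholder gateway address used in the first post.
GATEWAY="${GATEWAY:-12.34.56.78}"
WAN_IF="${WAN_IF:-eth0}"   # assumed: faces the OVH network
LAN_IF="${LAN_IF:-eth1}"   # assumed: faces the OPNsense WAN port
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# The gateway lies outside the interface's subnet, so first install a host
# route marking it as directly reachable on WAN_IF, then use it as next hop.
setup_routes() {
    run ip route replace "$GATEWAY/32" dev "$WAN_IF"
    run ip route replace default via "$GATEWAY" dev "$WAN_IF"
}

# Enable forwarding and source NAT. Default-deny on FORWARD: traffic started
# from the inside is allowed out, and only reply traffic is allowed back in.
setup_nat() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Ask the kernel which route it would pick for an off-subnet destination
# (192.0.2.1 is a documentation address); it should show "via $GATEWAY".
verify() {
    run ip route get 192.0.2.1
}

setup_routes
setup_nat
verify
```

With the default DRY_RUN=1 the script only prints the commands for review; these settings do not persist across reboots unless they are also added to the distribution's network configuration.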