OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: gcesab on November 21, 2019, 10:47:41 am

Title: Traffic between internal networks
Post by: gcesab on November 21, 2019, 10:47:41 am
Hi all,
I'm new to OPNsense and I'm not able to resolve a problem.

I have two parallel internal networks: a gigabit one with address 192.168.0./24 (LAN) and a 10gbe one with address 10.10.0.0/24 (OPT1).

All internal hosts have two interfaces, one for gigabit and one for 10gbe and all have default gateway pointing to 192.168.1.1 (OPNsense).

How can I allow traffic between the two subnets? In particular, all SQL requests from PHP to the MariaDB servers are not replied to at all (Apache receives HTTP requests on the LAN address while sending requests to MariaDB on the OPT1 address).

Here are screenshots of my rules on LAN and OPT1, please help!!! Thanks
Title: Re: Traffic between internal networks
Post by: lfirewall1243 on November 21, 2019, 01:40:25 pm
Are the Packets getting dropped under Firewall->Protocol->Liveview?
Title: Re: Traffic between internal networks
Post by: smooth_81 on November 21, 2019, 02:04:35 pm
Why do you connect every machine to both networks and try to route everything through your firewall?
This mixes directly connected networks with routed networking. This puts asynchronous connections in place and makes your complete setup unnecessarily complex/complicated.
And pointing the default gateway over 1GbE seems very odd and limits your throughput.

Try to clean up your network design!
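The asynchronous (asymmetric) routing smooth_81 describes, as an added example that is not part of this thread or of OPNsense: a small Python model of how a dual-homed host picks its route, and why a connection whose request crosses the firewall but whose reply comes back on-link is only half seen by OPNsense's state table. The topology (LAN 192.168.0.0/24, OPT1 10.10.0.0/24, firewall at 192.168.0.1 and 10.10.0.1, the host addresses and a LAN-only container) is constructed for illustration and is not the poster's real setup.

```python
import ipaddress

# Constructed topology modelled on the thread (illustrative assumptions, not
# the poster's real addresses): LAN 192.168.0.0/24, 10GbE OPT1 10.10.0.0/24,
# OPNsense with one address on each, hosts with one or two addresses.
LAN = ipaddress.ip_network("192.168.0.0/24")
OPT1 = ipaddress.ip_network("10.10.0.0/24")
FIREWALL = {"LAN": "192.168.0.1", "OPT1": "10.10.0.1"}
HOSTS = {
    "apache": {"LAN": "192.168.0.10", "OPT1": "10.10.0.10"},   # dual-homed
    "mariadb": {"LAN": "192.168.0.20", "OPT1": "10.10.0.20"},  # dual-homed
    "container": {"LAN": "192.168.0.30"},  # assumed LAN-only LXD container
}


def next_hop(host, dst):
    """Route lookup as a host does it: a directly connected network always
    beats the default route, which points at the firewall's LAN address.
    Returns (egress_interface, next_hop_ip, source_ip)."""
    dst_ip = ipaddress.ip_address(dst)
    ifaces = HOSTS[host]
    for name, net in (("OPT1", OPT1), ("LAN", LAN)):
        if name in ifaces and dst_ip in net:
            return name, dst, ifaces[name]          # on-link: no router used
    return "LAN", FIREWALL["LAN"], ifaces["LAN"]   # default route via OPNsense


def via_firewall(host, dst):
    """True when this host has to hand the packet to OPNsense."""
    return next_hop(host, dst)[1] in FIREWALL.values()


def flow_is_symmetric(client, server, server_ip):
    """Both legs of a TCP connection must either cross OPNsense or both bypass
    it. If the firewall sees only the SYN and never the reply, its state
    table never completes and the later packets are dropped, which is how
    'SQL requests are not replied to' looks from the application."""
    _, _, src = next_hop(client, server_ip)
    return via_firewall(client, server_ip) == via_firewall(server, src)


if __name__ == "__main__":
    # Dual-homed Apache reaching MariaDB on its OPT1 address: fully on-link.
    print("apache -> mariadb:", flow_is_symmetric("apache", "mariadb", "10.10.0.20"))
    # LAN-only container: request goes via the firewall, reply comes back on-link.
    print("container -> mariadb:", flow_is_symmetric("container", "mariadb", "10.10.0.20"))
```

Checking a suspect flow in Firewall: Log Files: Live View for the request direction only, with no matching reply packets, is the practical sign of this condition on OPNsense.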
Title: Re: Traffic between internal networks
Post by: gcesab on November 21, 2019, 04:00:08 pm
Smooth, you are right, I'm not a network expert, but my internet connection is 1GbE and so the gateway seems appropriate to me. With my old firewall all worked well, but the firewall was somehow incompatible with the internet router, so I had to change.

In short, all traffic from and to the internet should go on LAN; iSCSI, Samba, SQL queries and remote desktop should go on OPT1. In my network there is an ESXi host with some VMs, three physical CentOS machines and many LXD containers on two of them (a couple of web servers, two Galera clusters, etc.) and my work PC with Windows 10.

So, assuming that internet HTTP requests go to the Apache web server on LAN, how can I connect Apache with MariaDB on OPT1 if I don't have both connections? My work PC maps Samba shares on OPT1 but can connect to MariaDB only on LAN, why? Any suggestion will be greatly appreciated.

Sorry for my English writing, I'm Italian.