OPNsense Forum
English Forums => General Discussion => Topic started by: hushcoden on October 09, 2021, 05:54:35 pm
-
I have a pretty simple config, i.e. WAN + LAN + LAN2 with
1) LAN = 192.168.0.1/24
2) LAN2 = 192.168.10.1/24
I cannot access/ping the device on LAN2 - can someone please advise which rules on LAN2 I have to setup to accomplish that?
Tia.
-
none. If you have properly set up your IP and Default Gateways then you should have no issues with different VLANs.
-
I have no VLANs, a 3-LAN port device :-\
I thought by default the devices on the LAN network can access devices on any other LANs ::)
-
Somehow I am now able to connect to the Raspberry Pi 4 on a static IP - 192.168.10.50 - using VNC Viewer/Server, and another issue: if I launch the browser from within RB Pi I have no Internet, what am I missing?
Tia.
-
I did add a rule for DNS and now I can browse the Internet
-
Can someone please advise on which rule(s) I should have on my second port/LAN in order for the device (Raspberry Pi 4) to be fully functional overt the Internet?
I have just two rules and while I can ping an IP address, if I try with the website name, it doesn't work, how come?
Tia.
-
You are on a default lan which mean vlan 1. you cannot have multi IP addresses on a single vlan.
1 create multiple vlans and assign IPS to them.
2 assign the vlan to the proper ports.
problem solved.
-
OP - step back from all this and describe your desired network setup, particularly how you want DNS to work. Do you want the pihole exclusively doing DNS, or do you want it to upstream back to unbound or dnsmasq on OPNsense?
At the very least I suggest a rule on LAN2 allowing LAN2 net access to the gateway (192.168.10.1). Obv that should be above the block rule
You should also describe how you have connected devices to each LAN port. Are you connecting directly, or using managed switches?
-
Thanks for the reply!
As I said, I have a pretty simply config:-
1) I have no VLANs, no switches - it's just a 3-port device:
WAN <--> modem (bridge mode)
LAN <--> WAP
LAN2 <--> RB Pi 4
2) the RB Pi 4 is wired to LAN2 port
3) I'm not running pi-hole, but a different service
4) I want(ed) to be able to log in to RB Pi GUI from a LAN device, giving the service running on the RB Pi full access to the Internet as well as blocking LAN2 devices accessing LAN: with those 2 rules it seems all working properly
Any suggestions about adding any other rule(s) ?
Tia.
-
Yeah, sorry, shouldn’t have assumed Pi = pihole. Sounds like you have achieved what you wanted - the Pi can’t access LAN1 net but can access the gateway and everything else
-
One thing I'm not 100%, the DNS resolution: I don't want LAN2 uses LAN/Unbound for DNS, how do I double-check that ?
-
Check the nameservers on the Pi by running “sudo cat /etc/resolv.conf” on it
If you want to override the system DNS settings on OPNsense for a particular subnet, set the DNS settings in the DHCP config for the relevant interface