OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: amithad on May 12, 2017, 12:09:23 pm
-
Hi,
I'm building a transparent firewall and totally new to OPNsense. When I followed the OPNsense documentation pertain to Transparent Filtering Bridge ( https://docs.opnsense.org/manual/how-tos/transparent_bridge.html (https://docs.opnsense.org/manual/how-tos/transparent_bridge.html) ) , and as soon as I followed the Third step of creating the bridge ; I was not able to access the LAN interface by typing http://192.168.1.1
Do I have to have three Ethernet cards (LAN, WAN and OPT1 ) to build a transparent firewall and configure it?
Thanks
-
My firewall setup is as follows:
Internet <-------->Firewall<--------->Transparent Firewall(OPNsense)<-------> LAN
-
No, 2 is enough. 1x LAN and 1x WAN
Gr. Micky
-
Hi Micky,
Thanks for your reply. Could you tell me why I was not able to access the management interface after creating the bridge?
Thanks again :)
-
Hi amithad,
i believe you don't need a bridge. Interface1 is WAN, Interface2 is LAN. Now you enable the Proxy. The Rules are creating automatic. Test it with manual Proxy (http Port 3128) in your browser, when ok you can enable the transparent proxy and check again.
-
Hi Micky,
Thanks a lot for your valuable information and time on my matter. I am implementing this OPNsense firewall to mitigate the drawbacks of my tire1 firewall which is I'm not allowed to change.
I'm planning to do this without changing the IP addresses of my LAN. I hope that the WAN interface and the LAN interface can apply the IPs of the same subnet on my OPNsense firewall!! I'll try your valuable information of the transparent proxy as well.
For further clarification I give my IP addressing plan below:
Internet<----> Tire1 Firewall's Internal IP (192.168.2.7/24)<----->OPNsense Firewall's WAN IP(192.168.2.6/24)===OPNsense Firewall's LAN IP ( 192.168.2.6/24)<------> LAN(192.168.2.0/24)
Since the routing function happens between Two subnets I doubts whether I can give the same subnet's IPs for my OPNsense firewall's WAN and LAN interface :-\
I hope I gave my requirement clearly...!!! I want to know whether it's possible to achieve it using OPNsense.
Thanks :)
-
Good Morning,
i believe you need compelingly different subnets for WAN and LAN.
Gr. Micky
-
Good Morning Micky!
Thanks for the information. I'll try with your information.
Thanking you again :)
-
FYI: I just updated to docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
I recommend to check each step again if thing do not workout as intended.
Cheers,
Jos
-
Hi Jos,
Many thanks for the information.
:) :)
-
FYI: I just updated to docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
I recommend to check each step again if thing do not workout as intended.
Cheers,
Jos
Hi,
I followed the exact steps on the documentation. But after creating the bridge by combining the LAN and WAN interface I was not able to access the management interface :(
Thanks
-
Thank you Jos, for updating the Wiki!
-
Hi All,
Finally I was able to manage to access the management interface (OPT1) after creating the bridge using LAN and WAN. But I did a slight change, since I failed Two times after following the exact steps on the documentation. I created the bridge at the end and allow all traffic to all interfaces as given in the documentation.
But now I'm facing a different issue. My LAN users are not able to access the internet. :( , My production firewall's LAN IP is 192.168.1.7 that IP is given as the default gateway to all my workstation on LAN. If I am right I dont have to change those since my OPNsense transperant firewall act in bridge mode.
What should I do to give the internet access to LAN users?
Thanks
-
Hi All,
I did a mistake while configuring the rules given on step 7. I just add an allow rule to the floating rules. I didnt apply allow rules to all the three interfaces (LAN,WAN,OPT1).
I have corrected those. I will try this on the production network and give the feedback. I APOLOGIZE for the mistake I have done. :)
-
Hi All,
I tried after giving allow rule, which stated on step 7 on the documentation for all the interfaces. Still my LAN users are not able to connect to the internet through the OPNsense transparent firewall. When I try to give the gateway, It doesn't allow to add the gateway on the WAN interface and it gives an error message.
My IP setup is as follows:
Internet <----> Production FW's Internal IP ( 192.168.1.7/24 )<-----> OPNsense FW(OPT1 IP is 192.168.1.8, LAN and WAN doesn't have IPs since it's bridged )<--------> LAN ( 192.168.1.0/24 )
All my LAN workstations have the default gateway as 192.168.1.7 and the primary DNS server as 192.168.1.10
-
Hi Jschellevis, Micky
8) 8) Finally I was able to achieve what I thought, using OPNsense transparent firewall. Thank you so much for devoting time on my requirement. Special thanks for Jschellevis for updating the documentation.
It took me more time than expected, since I was new to OPNsense and not following the documentation carefully. When creating the bridge using LAN and WAN, I couldn't access the management interface, since I used the Third interface OPT1. But after creating the bridge ( OPT2 ), I dont need the OPT1 interface at all to manage the Transperant firewall. And now I know with just Two Interfaces are suffice; and I dont have to change my IP settings or subnet of the LAN, when implementing OPNsense transparent firewall 8).
I am planning to implement Ntop and Rule creation on the transparent firewall. For that I will refer the documentation and if needed I will get the help of the forum. Currently my Inbount and Outbound traffic shows the same traffic graph which is bit of a question to me ( hope to get clarify in a different thread )
All in all I am very satisfied with OPNsense as the motto says HIGH END SECURITY MADE EASY!
Thanks a lot :)
-
How did you end up getting this working? I have the same issue. Followed all the steps but my LAN can't access the internet. I can't ping my router (default gateway) from any of the LAN workstations. I can connect to the web GUI fine and I have IPv4 allow all rule. Not sure what I'm missing...
-
Additionally, I can ping the opnsense box from another computer on the LAN (not downstream from transparent firewall which I'm testing), but can't connect to the GUI. I'm guessing it's a firewall rule issue, but I have allowed all IPv4 traffic to pass on the bridged interface.
-
Gateway?
-
I added my routers IP address as the default gateway for the bridge interface
-
Now after reboot I can't ping or connect the the web GUI. I'm lost. Will try from scratch again.