OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: sirio81 on April 16, 2018, 08:39:35 am

Title: [SOLVED] LAN routing
Post by: sirio81 on April 16, 2018, 08:39:35 am
Good Morning,
I have an OPNsense with a LAN interface with ip and an ip alias:
Dome computer are in the network and some other are in the network with the respective gateways.
OPNsense is also the primary DNS for those networks and I override the web server ip with
The requests from network towards

Code: [Select]
traceroute to (, 30 hops max, 60 byte packets
 1 (  0.481 ms  0.497 ms  0.519 ms
 2 (  1.435 ms  1.679 ms  1.982 ms
 3 (  9.933 ms  10.081 ms  10.095 ms^C

Is there a way to forward/route the traffic of to and viceversa?

Title: Re: LAN routing
Post by: ad on April 16, 2018, 09:16:24 pm
Good evening! ;-)

I think you should configure 2 interfaces, only then you can route between the networks (Interfaces > Assignments). Aliases are intended for addresses from the same IP networks.

If you don't have more physical ports, you have to work with VLANs. For this you need a VLAN-capable switch which you have to configure accordingly (port is more simple :-).

Title: Re: LAN routing
Post by: sirio81 on April 18, 2018, 04:01:57 pm
I didn't expect such behaviour probably because I come from linux experience and once 'ip_forward' is enabled, it forwards for the packages on all network it's aware of, also on the same nic.
(I retested to be sure).

Title: Re: [SOLVED] LAN routing
Post by: franco on April 18, 2018, 05:47:55 pm
Maybe this is due to anti-spoof, or maybe due to a forced catch-all gateway multi-wan rule that slurps your local traffic and pushes it to the gateway on said interface.

The latter is more likely, but there was no statement about it in the OP.

Title: Re: LAN routing
Post by: sirio81 on April 19, 2018, 09:13:06 am

Now I have a vlan interface named VLAN7 (
My LAN interface's ip is
On the host there's a web server and is running a web server.
I set this rule on VLAN7 interface


And I'm able to reach the webserver form network  :)