OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: sirio81 on April 16, 2018, 08:39:35 am

Title: [SOLVED] LAN routing
Post by: sirio81 on April 16, 2018, 08:39:35 am
Good Morning,
I have an OPNsense with a LAN interface with ip 192.168.2.254 and an ip alias: 192.168.3.250.
Dome computer are in the 192.168.2.0/24 network and some other are in the 192.168.3.0/24 network with the respective gateways.
OPNsense is also the primary DNS for those networks and I override the web server ip with 192.168.2.114.
The requests from network 192.168.3.0/24 towards 192.168.2.114

Code: [Select]
traceroute 192.168.2.114
traceroute to 192.168.2.114 (192.168.2.114), 30 hops max, 60 byte packets
 1  192.168.3.250 (192.168.3.250)  0.481 ms  0.497 ms  0.519 ms
 2  80.244.122.193 (80.244.122.193)  1.435 ms  1.679 ms  1.982 ms
 3  80.244.120.2 (80.244.120.2)  9.933 ms  10.081 ms  10.095 ms^C

Is there a way to forward/route the traffic of 192.168.3.0/24 to 192.168.2.0/24 and viceversa?


Title: Re: LAN routing
Post by: ad on April 16, 2018, 09:16:24 pm
Good evening! ;-)

I think you should configure 2 interfaces, only then you can route between the networks (Interfaces > Assignments). Aliases are intended for addresses from the same IP networks.

If you don't have more physical ports, you have to work with VLANs. For this you need a VLAN-capable switch which you have to configure accordingly (port is more simple :-).

Greetings
AD
Title: Re: LAN routing
Post by: sirio81 on April 18, 2018, 04:01:57 pm
I didn't expect such behaviour probably because I come from linux experience and once 'ip_forward' is enabled, it forwards for the packages on all network it's aware of, also on the same nic.
(I retested to be sure).

Title: Re: [SOLVED] LAN routing
Post by: franco on April 18, 2018, 05:47:55 pm
Maybe this is due to anti-spoof, or maybe due to a forced catch-all gateway multi-wan rule that slurps your local traffic and pushes it to the gateway on said interface.

The latter is more likely, but there was no statement about it in the OP.


Cheers,
Franco
Title: Re: LAN routing
Post by: sirio81 on April 19, 2018, 09:13:06 am

Now I have a vlan interface named VLAN7 (192.168.7.1/24).
My LAN interface's ip is 192.168.2.254.
On the host 192.168.2.249 there's a web server and is running a web server.
I set this rule on VLAN7 interface

(https://imageshack.com/i/poDpwZ9Ip)


And I'm able to reach the webserver form 192.168.2.0/24 network  :)