OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: guest17399 on May 13, 2018, 09:15:34 pm
-
I'm trying to make an analogue of wan and Lan. I spent a lot of time solving this problem.
1. For the operation of the WAN analog on OPT1, I indicated in the settings of the interface the MAC address of the network card from the WAN itself. There was an exit in the world. (We will assume that it works.)
2. To configure the LAN on OPT2, I made similar settings, as for the LAN itself. The LAN itself was turned off.
I registered any poppies.
The route does not go beyond the gateway. Exit to the world does not work accordingly.
What to do with LAN (OPT2)?
How correctly was WAN configured (OPT1)?
p.s. opnsense latest
Scheme: https://i.imgur.com/RSid9i3.png
-
I'm trying to follow but not really clear on what the problem is or how you are set up.
Can you share what your Interface Assignments window looks like?
So you are trying to ping out to the Internet from the internal network and traffic isn't going out?
-
So you are trying to ping out to the Internet from the internal network and traffic isn't going out?
Yes.
Routing:
ipv4  default          178.215.11.1  UGS  5590  1500   igb0  OPT1_2Provider
ipv4  127.0.0.1        link#7        UH   394   16384  lo0
ipv4  178.215.11.0/25  link#3        U    2527  1500   igb0  OPT1_2Provider
ipv4  178.215.11.10    link#3        UHS  0     16384  lo0
ipv4  192.168.1.0/24   link#1        U    955   1500   bce0  LAN
ipv4  192.168.1.3      link#1        UHS  0     16384  lo0
ipv4  192.168.2.0/24   link#4        U    11    1500   igb1  OPT2_2Provider_LAN
ipv4  192.168.2.1      link#4        UHS  0     16384  lo0
Settings of the machine connected to OPT2_2Provider_LAN:
IP: 192.168.2.26
Mask: 255.255.255.0
Gateway: 192.168.2.1
+2 dns
-
I also tried to turn off the firewall, configure NAT, make a special route ...
-
Can you share what your Interface Assignments window looks like?
-
Oh sure. Anything you want :)
-
Why aren't you using WAN for your WAN interface and just a LAN interface? I'm not following why you have so many.
What's the "WAN" interface configured as: DHCP/Static?
-
I have network interfaces that are integrated into the motherboard - turned off.
Now only the external network card is used (intel 350t4v2) - on it you need to configure WAN and LAN.
"WAN" on OPT1 seems to work correctly.
But the "LAN" on OPT2 can not be configured.
I also want to try bridge use on the OPT2 interface...
What's the "WAN" interface configured as: DHCP/Static?
Static
-
Why didn't you just disable the onboard NICs in the BIOS/UEFI?
That way they won't even be detected by the OS.
-
Even so, I just only configure the 2 ports I use on my 4 port firewall. The other 2 are just left alone and not assigned.
0 is my WAN and 1 is my LAN, other 2 ports are just unassigned.
(https://i.imgur.com/XanW9ek.png)
-
What Animosity022 said is fine too. During initial setup you simply select which NIC to use for which type of connection (WAN or LAN).
-
Why didn't you just disable the onboard NICs in the BIOS/UEFI?
That way they won't even be detected by the OS.
1. And then how to perform the basic setting?
2. The built-in adapter will synchronize with another opnsense. We have two identical machines.
-
Even so, I just only configure the 2 ports I use on my 4 port firewall. The other 2 are just left alone and not assigned.
0 is my WAN and 1 is my LAN, other 2 ports are just unassigned.
I plan to use the second two ports as WAN and LAN on a network card for another provider.
But now I'm trying at least two current settings...
That is, it turns out like this (intel 350t4v2):
OPT1 - WAN
OPT2 - LAN
OPT3 - WAN
OPT4 - LAN
default LAN - synchronization with another similar server.
That is, if I now reassign the LAN, then in the future it can not be used for synchronization (probably).
Or in any case I can not configure the second provider.
-
I see where you're going at, but it feels like you are overthinking things.
Why not the first WAN/LAN bundle on the onboard NICs (assuming you have at least two onboard NICs) and the second bundle on OPT1 and OPT2, and then use OPT3 and OPT4 for connecting the second node?
I take it this is a HA setup?
-
I see where you're going at, but it feels like you are overthinking things.
Why not the first WAN/LAN bundle on the onboard NICs (assuming you have at least two onboard NICs) and the second bundle on OPT1 and OPT2, and then use OPT3 and OPT4 for connecting the second node?
The scheme is not accurate, in a hurry. But I think the principle is clear. That this is the most correct way to make a failover cluster.
-
I'm trying to follow that diagram and I can't figure out what you are trying to accomplish.
Do you have 2 internet providers and that's what provider means? Are you looking to do multi WAN with a port for each provider?
Are you trying to add in multiple LAN connections for redundancy?
If you spend some time and make an accurate diagram, it will really help as without a picture it doesn't make sense (to me anyway).
-
Do you have 2 internet providers and that's what provider means? Are you looking to do multi WAN with a port for each provider?
Yes.
Are you trying to add in multiple LAN connections for redundancy?
No.
2 WAN (OPT1, OPT2) is used for one service provider and another.
2 LAN (OPT3, OPT4) are used to distribute traffic from one service provider and another.
2 WAN (OPT1, OPT2) in two intel 350 t4v2 and 2 LAN ports (OPT3, OPT4) in the other two intel 350 t4v2 ports
That is, you need to drive traffic through intel 350t4v2.
Built-in network interfaces in the motherboard do not touch
The standard LAN that is integrated into the motherboard will be used for synchronization.
Everything is simple
-
Normally, you'd use a multi wan setup to provide redundancy and give your capacity an increase. You aren't normally setting up a multi wan to route one link into point a and another link into point b.
It sounds like you want a single WAN to point a LAN port and basically have another WAN and point that to a LAN port.
Again, this is where a detailed picture would really help to show what you are trying to achieve.
-
p.s. https://i.imgur.com/RSid9i3.png
Link to the picture.
It seems that everything is clear. Or not?
-
I have fixed the reference to the scheme in the first post
-
A similar problem is observed in pfsense.
But there the configuration on intel 350t4v2 is executed immediately, that is, the WAN and LAN are configured there and everything works out of the box.
But if you manually configure LAN on intel350t4v2 yourself, then there will be a similar problem.
-
So two servers, two WANs? Are you using CARP and standby HA? Because it would solve your issues.
https://docs.opnsense.org/manual/how-tos/carp.html
Cheers,
Franco
-
Looks to me the OP tries to do that in one box.
-
Sure but ideally one box actively manages both WANs while the other one doesn't. Or both boxes manage one WAN, then you can leave out CARP but need a third device to do gateway group load balancing. ;)
-
I agree. That makes sense for a failover setup.