15.7 Legacy Series / Access GUI from an External network (not the internet!)
« on: January 21, 2016, 12:46:48 pm »
Hi,
I'll start by trying to clear up how my network is set up in relation to my OPNsense firewall...
First to define the networks:
1. 172.20.0.0 (255.255.0.0) - Main LAN, acting as the WAN to the OPNsense
2. 172.26.0.0 (255.255.240.0) - External LAN via site-site VPN to network 1.
3. 192.168.1.1 (255.255.255.0) - 'Private' LAN - has limited access to network 1.
Gateway IPs:
- Network 1: 172.20.1.254 (The OPNsense card has an IP of 172.20.1.253, so is the WAN IP in the OPNsense case)
- Network 2: 172.26.1.254
- Network 3: 192.168.1.254
- Networks 1 & 2 can see each other fine.
- Network 3 can get an external connection via the gateway on Network 1
- Network 1 can access the admin GUI on the OPNsense firewall (as can Network 3)
- I've disabled the rule disallowing private IP ranges
- Network 1 sits behind a router (with fw) so allowing connections into the OPNsense GUI isn't too much of an issue as it is protected from Internet traffic by the firewall on Network 1 (172.20.1.254)
I'm trying to access the admin GUI from network 2, which is failing. I can ping 172.20.1.254 from network 1, but not from network 2. I can ping every other device on network 1 (172.20.x.x) from network 2 without issue...
I think the issue is that the IP I am coming from is a 172.26.x.x address, which is unknown to OPNsense, though its card is connected the same as every other device on network 1...
Does anyone have any ideas on how I can achieve this? I have tried playing about with different NAT and Firewall rules, but to no avail, so I'm going to clear those out and start fresh.
Thanks in advance, sorry for rambling slightly!