Messages

Thanks for the first heads up, if you notice the link it suggests that this would never be changed hence I didn't go looking for it.

I wasn't really looking to limit to users, just reduce the amount of options I know I would never need in a specific install.


I had made a suggestion in the past that having the software name in the list should ideally be replaced with its generic function (DHCP etc) and at a minimum it should say DHCP Kea, not Kea DHCP.

Is it possible to hide entries from the webui menus?

I note an old post from 2016 which doesn't seem to work now - is it supposed to or no longer possible? https://forum.opnsense.org/index.php?topic=2955.0


Also - officially or unofficially - any way to disable menu animations?

I've figured out the 1:1 NAT problem.

When I setup a NAT rule I select WAN, the destination here default sets to "WAN address" which I guess does not include the VIP. I tested this with "WAN Net" and it worked then noticed it enters the CARP VIP for WAN in the list automatically.


(EDIT) This doesn't help with routing though, I had already tested that direct without using a VIP anyway.

Salü fatalfuuu

From the routing perspective, you need to add on the router 172.16.20.1 a new gateway "172.16.20.2" and a new route:
Destination network: 192.168.1.0/24
Gateway: 172.16.20.2 (created before)

On the Main Router you just have to add 172.16.20.1 as default gateway and allw the traffic the expected traffic

gruss ivo

I've reset my test machines and tried this approach with these settings with no luck. I wouldn't expect them though as the destination network of the incoming requests will not be an internal range. Since this is the incoming internet traffic we want to pass in to the next router. I would have thought 0.0.0.0/0 would have done that but it wont let me.

Hmm... just 1:1 NAT the Modem-WAN IP to their respective Router Target IP. This takes care of incoming traffic. Outgoing traffic fixes itself when DHCP propagates the correct gateway (or it is set manually).

If you have .2.21 active, you will need to deal with Multi-WAN in the main router, too, but that's basically it unless I'm missing something?


Cheers,
Franco

I can do 1:1 NAT now, after making a mistake, I was wondering if I could route this instead as it seems proper. I can deal with MultiWAN okay. My problem with 1:1 NAT is when using CARP, I have a VIP for the wan side of the main virtual routers, but I cannot NAT to that IP (I can directly to the interface address though). CARP on LAN side working okay when testing. This is another problem I have not pursued much yet as im trying to do the routing first.

Salü fatalfuuu

From the routing perspective, you need to add on the router 172.16.20.1 a new gateway "172.16.20.2" and a new route:
Destination network: 192.168.1.0/24
Gateway: 172.16.20.2 (created before)

On the Main Router you just have to add 172.16.20.1 as default gateway and allw the traffic the expected traffic

gruss ivo

The gateway part is/was done first, my problem was when adding the route. Since this is from the internet to our network, whatever comes from the outside isn't trying to access 129.168.1.0/24, it thinks its destined for the WAN IP (public IP range). Maybe I'm over thinking this and actually didn't try it.

Thanks for the replies

You could ignore the second router (.21.1) for now.

We want to move the main install virtual and connect a small physical router to the modem so the virtual server isnt using pppoe. The below works for output, but we want to route all traffic from the router connected to the modem, to the main virtualised router by default (without NAT I suppose is the best... hence this question).

We have a few PPPoE modems which are currently plugged directly into a physical install. We'd like to move this over to a virtual install and/or using CARP.

I had originally looked around for some vdsl modems but none of them seem to run well, and cost a lot, so instead we've bought some small dual nic units to run pfsense/opnsense on and plug the modem into that.

What I need to do now is forward all traffic from this install to the main one(s) which will be virtual.


Currently got some spare hardware to mock this up, so these settings are as we're testing...

(excuse the pfsense, currently testing/migrating)

As far as I thought, I would setup a gateway on the router connected to the modem, to the main box 172.16.20.2 and then set a static route on this. But im a bit lost at what I do for the destination network to forward all traffic when incoming from the internet. I've tried 0.0.0.0/0, the real internet IP, and the internal network address 192.168.1.1/24 but none seem to work.

If I was lazy I could do 1:1 NAT, but this seems rough, unless im wrong and its the only way I can get this to work?