Messages

1

24.7 Production Series / Help needed in setting up vlan in opnsense

« on: October 13, 2024, 09:04:13 pm »

I am trying to set up a vlan in my opnsense box.

Following the instruction in https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-vlan-on-opnsense, I created a VLAN1 using a physical lan port LAN1 as its parent.  The LAN1 port static address is 192.168.3.1, and VLAN1 is 192.168.100.1. The VLAN1 interface is assigned to a logical interface and enabled. Both have DHCP enabled in their respective subnets. For testing purpose, I created firewall rules to allow VLAN1 to reach any network. I have a laptop physically linked to the LAN1 port via ethernet cable.  When I put the laptop in the LAN1 subset (by using a static IP address 192.168.3.10), it works normally.  However, when I change the laptop to the VLAN1 subset (by using a static IP address 192.168.100.10), it cannot reach internet, and no other devices in my home net can reach that laptop.  Any clue how to debug and correct the problem? Thanks.

Jim

2

General Discussion / Re: [SOLVED] Help needed in setting up opnsense with multiple ETH ports

« on: December 11, 2023, 10:44:32 pm »

Thank for the information. I was using single PC for configuring and testing the firewall box.
I think my problems are solved now.

3

General Discussion / Re: Help needed in setting up opnsense with multiple ETH ports

« on: December 11, 2023, 10:19:47 pm »

I think I found the issue. When I was testing if I can reach the ETH1 subnet from ETH2, I moved the network cable from ETH1 to ETH2, and tried to reach the web portal 192.168.1.1. That doesn't work.  However, if I connect another machine to ETH1, then I can reach 192.168.1.1 from ETH2 as expected.

So it looks that I may not have problem in the network setup. The issue is that I could not reach web portal 192.168.1.1 when ETH1 is not connected to an active machine. Is this normal? Is there any configuration change that can make the web portal 192.168.1.1 alway available?

4

General Discussion / Re: Help needed in setting up opnsense with multiple ETH ports

« on: December 11, 2023, 07:47:53 pm »

File wall rules for ETH4 (ETH5 is similar). ETH1 has one additional anti-lockout rule in the automatically generated rules.

5

General Discussion / Re: Help needed in setting up opnsense with multiple ETH ports

« on: December 11, 2023, 07:45:26 pm »

@netnut. Thanks for your reply. Please see my firewall rules in the attached images and let me know what other configuration information should be examed.

6

General Discussion / [SOLVED] Help needed in setting up opnsense with multiple ETH ports

« on: December 11, 2023, 05:51:32 pm »

Hi,

I am running an opnsense machine with 6 ports. My setup is as the following:
    ETH0: WAN
    ETH1: LAN, 192.168.1.x/24
    ETH2: LAN, 192.168.2.x/24
    ETH3: LAN, 192.168.3.x/24
    ETH4: LAN, 192.168.4.x/24, this is for IoT devices
    ETH5: LAN, 192.168.5.x/24, this is for guest access
Each of the LAN subnets ETH1-ETH5 has its own gateway (192.168.x.1) and corresponding DHCP range.

I want ETH4 and ETH5 can access internet but not other subsets. I set up these two as guest nets using instructions in https://docs.opnsense.org/manual/how-tos/guestnet.html. These worked as expected.

I want ETH1/ETH2/ETH3 can access internet and all other subnets, so I created firewall rules to allow any IP traffic from these subnets to any destination. While traffic can reach internet, it doesn't work to reach nodes in other subnets, e.g., a node in ETH2 cannot reach any node in ETH1. How to change setup to fix this problem? I know I can create a bridge for ETH1/ETH2/ETH3 but I read that bridging in opnsense is not efficient and not suitable for heavy traffics so I'd like to get away from bridge if possible.

Thanks.