Messages

1

General Discussion / Re: AT&T Fiber Interface Assignments?

« on: April 30, 2024, 05:09:54 pm »

I was looking to assign a static IP directly to each of the available copper ports.

Then, I would most likely use a different firewall or router device in each of those ports. At the moment, I can't think of any single, stand-alone device that I would assign a static IP to, other than the aforementioned firewall/router.

2

General Discussion / Re: AT&T Fiber Interface Assignments?

« on: April 29, 2024, 01:55:06 am »

Thank you, and could you please point me to the documentation on how to achieve this?

I have several unused copper ports on my hardware, and I would just like to add each of the static IPs from my block assigned to me to each one of those copper ports.

I appreciate the pointers, and I am eager to learn more. Thanks again!

3

General Discussion / AT&T Fiber Interface Assignments?

« on: April 25, 2024, 06:54:55 pm »

Greetings All!

I have AT&T Residential Fiber and I purchased a pack of static IPs and have those addresses as given to me.

I have OPNSense running on a generic white-box Xeon system that has several copper ports and 2 10gig SFP+ ports. Right now I have the incoming fiber directly connected to the OPNSense firewall through a custom SFP module from FS that can act as XGS-PON, so I no longer need the AT&T 320 gateway and it is completely disconnected and out of the loop here.

My question is how I leverage the static IPs I want to use. I have to set the OPNSense to DHCP on the WAN side to get a connection, and the IP address assigned via DHCP is NOT in the block of static IPs that I have.

Do I just create additional interfaces on the copper ports and assign the static IPs to each of them? If that is the case, does anyone have details on how to achieve this? If there is a write-up or a tutorial somewhere that addresses this, please point me to it.

Thanks!

4

24.1 Legacy Series / Re: Opnsense has internet access but clients do not?

« on: March 01, 2024, 01:00:02 pm »

Thanks to all who took the time to chime in on this. Here is an update...

On a hunch, I went and downloaded the 23.7 installer and put that on this box. Guess what? It worked instantly after running through the wizard. Both the firewall and LAN clients worked flawlessly. Therefore, I can say with confidence that this is definitely an issue with the 24.x installer currently available.

As an anecdote, I was able to then upgrade in place from a perfectly functional 23.7 environment to 24.x and that also worked.

So, for anyone else having this issue, revert back to a 23.7 installer and verify it works (it did for me) and then upgrade to 24.x after you are first up and running in 23.7

I really wish the OPNSense team would do more testing and validation.

5

24.1 Legacy Series / Re: Opnsense has internet access but clients do not?

« on: February 29, 2024, 07:04:37 pm »

Thanks for the reply. The physical layout is really simple, which is why I am so confused and frustrated. I agree, it "should just work" as other installations of OPNSense have worked just fine for me on other hardware. Just a few minutes ago, I wiped this box and re-installed PFSense and boom, it "just works" without further setting changes.

Therefore, it MUST be something that OPNSense is doing differently on this box. Nothing different but the change in OS installed results in a working internet connection for the client on igb1.

As far as the complete picture, here it is...

The hardware in question is a generic, "white box" intel i3 unit with a total of 6 copper ports. No SFP or other networking ports. There is nothing else involved in the equation here. No other DNS servers, nothing. The first copper port from left to right is igb0 and that is what the WAN address (statically assigned) is connected to (ISP modem). The second copper port from the left is igb1 and it is LAN. Again, the OPNSense instance itself has internet access, because I can go to 'firmware' and run an update and it will go out and grab available update packages without issue when I perform an update check.

When I say no internet access, what I mean is that any client connected to the LAN interface when the box is running OPNSense does not have an internet connection, despite getting a DHCP assignment correctly from the OPNSense instance. As I mentioned above, this only applies to the LAN connection. The WAN connection definitely has a working connection because OPNSense itself can go out and download updates without issue. I don't think it is a DNS issue on the LAN side either, because when I manually assign public DNS servers to the client connected to the LAN, it still cannot reach the internet.

Again, if I leave the identical physical connections and WAN IP address settings the same, and wipe OPNSense and install pfSense, not only does the pfSense OS have internet access, but the client connected to LAN (igb1) has internet access as well.

6

24.1 Legacy Series / Re: Opnsense has internet access but clients do not?

« on: February 29, 2024, 05:18:44 pm »

I do only have two of the 6 available copper ports assigned. Bare metal install of 24.1 so there is no virtualization here. igb0 is assigned to WAN, and igb1 is assigned to LAN. That corresponds to the physical connections made. I am not even using a separate switch right now. igb0 is connected to the ISP device and is definitely the WAN connection as I have one of my available static IPs assigned to it. As I mentioned earlier, this installation of 24.1 has internet access as I am able to update the packages directly from that WAN connection. The only device connected to igb1 is a computer I am using a browser with to access the web interface of this 24.1 instance. This computer is properly assigned an IP address when using DHCP, and I tested it also using a manually assigned address. This instance of 24.1 is running unbound for DNS and I have even tried manually assigned public DNS servers to the client, such as 8.8.8.8 and 1.1.1.1 and still do not have internet access. I am really confused and stumped right now. As a sanity check, I wiped this hardware and installed PFSense, and it just works using the same two physical connections, so this is definitely some sort of configuration issue specific to OPNSense and I just don't understand what I am obviously missing here. Thanks for your responses and I look forward to further assistance on what to do next.

7

24.1 Legacy Series / Opnsense has internet access but clients do not?

« on: February 28, 2024, 11:22:04 pm »

Greetings All!

I have an issue where 24.1 itself has internet access and can download updates, new repositiories, etc. However, clients connected to this instance on the LAN interface do not have internet access. I have double and triple checked the settings on the clients, and neither DHCP nor compatible manual settings for the LAN will restore internet access for the clients. This has me thinking I need to check Firewall Rules and/or NAT settings, but I am relatively new to OPNSense and I am not quite sure where to start in diagnosing this. It was a fresh install of 24.1 and I just used the wizard to try and get up and running quicky. What and where should I be looking? I would have thought by default all LAN clients would have internet access, and I certainly have not tinkered with any settings in that regard. Any/all assistance here would really be appreciated! THANKS IN ADVANCE!

8

24.1 Legacy Series / Internet Access from LAN issue

« on: February 21, 2024, 04:19:27 pm »

Good Day All!

I am making the switch from pfSense to Opnsense, but I am off to a rocky start with 24.1

I have a business-class cable modem connection with static IPs assigned to me. It is a /29, so I have 5 usable IPs. I know the connection between my location and the ISP is good, as I have another router assigned to one of the other static addresses in my block and it is working perfectly, as was this white box hardware (SuperMicro Xeon) when it was running pfSense. This SuperMicro board has 6 copper ports (Intel) and 2 SFP slots (ix0 and ix1).

At this moment, I can successfully reach the web interface of OpnSense on the LAN interface (ix0 with a copper transceiver). So the LAN side is configured correctly and working, allowing me to make changes, etc. The OPNSense unit itself can reach the internet for updates, etc., so I am thinking this is a NAT/Rules issue. I used the Wizard to set it up, so I thought it would automatically create the necessary configuration, but apparently it does not?

However, the WAN side is a completely different story. I have tried assigning the desired static IP address (68.188.10.xx) to both ix1 and igb1, as well as providing the correct gateway (68.188.10.xx) and cannot get out to the internet. I have physical connectivity as I see activity lights and I made sure I didn't have a bad cable, etc. This leads me to believe I obviously am missing something with my configuration. I provided valid public DNS servers to the wizard during setup, so I am fairly confident I have all my values correct.

Therefore, I can only conclude I have some sort of NAT or rule configuration I am missing or overlooking. I have installed other instances of opnsense with dynamic connections on other circuits and it worked just fine with no additional config necessary, so I have a feeling I am missing an additional setup setting for this particular setup with a static IP.

Could someone please offer some assistance as to what I might be missing or need to look further into? I'm stumped right now. THANKS IN ADVANCE!