Messages

1

General Discussion / Re: Can't connect to Web GUI after trying to implement Transparent Filtering Bridge

« on: May 10, 2024, 10:47:51 pm »

I got it working.  I think running the initial setup wizard after the install helped as I don't think I really did anything different.

Recap:  Instead of bridging LAN+WAN, bridge OPT1+WAN.  Also run the initial setup wizard.

2

General Discussion / Re: Can't connect to Web GUI after trying to implement Transparent Filtering Bridge

« on: May 09, 2024, 04:55:49 am »

I tried your suggestion Strator and bridged WAN to OPT1.  The result was what I was looking for.  When the laptop was plugged into OPT1 it had internet access, when plugged into LAN I could access the WebGUI.

The only problem was that the WebGUI didn't have internet access.  I received a "no address record found for the selected mirror" when trying to update.  I could ping my local DNS server (pihole), but nothing else (e.g. 1.1.1.1 8.8.8..

I tried System->Settings->General->
Have/NotHave DNS entries listed there (with no gateway specified)
Have/NotHave "Allow DNS providers to be overwritten by DHCP" enabled
Have/NotHave "Do not use the local DNS service as a nameserver for this system" enabled

Nothing seemed to help.  I'm not sure what else to do to troubleshoot this, so I'll wipe it and start from scratch again to see if I just messed up somewhere.

3

General Discussion / Re: Can't connect to Web GUI after trying to implement Transparent Filtering Bridge

« on: April 24, 2024, 03:28:02 pm »

Does anyone have thoughts on how I can resolve this?  Any help would be greatly appreciated.

4

General Discussion / [SOLVED] Can't connect to Web GUI after trying to implement Transparent Bridge

« on: April 17, 2024, 05:07:22 am »

My network:
ISP Modem---Router---Switch:
                           +--(misc other devices)
                           +--OPNSense---Laptop

I don't have a very complicated network, just a bunch of devices connected to a switch and the switch to a router.  I wanted to setup a transparent filtering bridge on an old Protectli FW4B and stick it between my router and the switch.  Since I didn't want to disrupt my network while testing this, I decided to connect OPNSense to my switch via the WAN and then use a laptop to the LAN for testing.  I have tried following these various instructions:

https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

When I finish, I'm getting the internet on my laptop, with the DHCP provided by my router, but I cannot access the OPNSense web GUI anymore.

My Steps:
Install OPNSense 24.1 on a Protectli FW4B
    Boot into USB with 24.1 on it
    Login as installer/opnsense
    Run through install options and rebooted
On the console:
    Login at root/opnsense
    Chose (1 Assign Interfaces):
        LLAGs & VLANs = N
        WAN = igb0
        LAN = igb1
        OPT1 = igb2
        OPT2 = igb3
    Plugged cables into WAN and LAN

Result:
    LAN (igb1)  -> v4: 192.168.1.1/24
    OPT1 (igb2) ->
    OPT2 (igb2) ->
    WAN (igb0)  -> v4/DHCP4: 192.168.50.39/24
    Laptop (plugged into LAN):  Has internet and IP = 192.168.1.100

Login to the Web UI (http://192.168.1.1/)
Firewall -> NAT -> Outbound -> set "Disable Outbound NAT rule generation" -> Save
System -> Settings -> Tuneables -> set 'net.link.bridge.pfil_bridge' = 1, 'net.link.bridge.pfil_member' = 0 -> Save
Interfaces -> Other Types -> Bridge -> add:  Description = 'Bridge', select LAN+WAN -> Save
Interfaces -> Assignments -> add:  Device = bridge0, Description = 'Bridge' -> Save
Interfaces -> [Bridge] -> select 'Enable Interface', IPv4 Configuration Type = Static IPv4, IPV4 address = 192.168.50.200/32 -> Save
Interfaces -> [OPT1] -> select 'Enable Interface', IPv4 Configuration Type = Static IPv4, 192.168.50.201/32 -> Save
Interfaces -> [OPT2] -> select 'Enable Interface', IPv4 Configuration Type = Static IPv4, 192.168.50.202/32 -> Save
Apply Changes

Result:
        Bridge (bridge0)  -> v4: v4/DHCP4: 192.168.50.200/32
        LAN (igb1)  -> v4: 192.168.1.1/24
        OPT1 (igb2) -> v4: 192.168.50.201/32
        OPT2 (igb3) -> v4: 192.168.50.202/32
        WAN (igb0)  -> v4/DHCP4: 192.168.50.39/24

Interfaces -> WAN -> un-select 'Block private networks' & 'Block bogon networks' -> Save
Services -> DHCPv4 -> [LAN] -> un-select 'Enable DHCP server on LAN interface' -> Save
Firewall -> Rules -> select [Bridge]/[LAN]/[WAN]/[OPT1]/[OPT2] -> Add -> Save
Firewall -> Settings -> Advanced -> un-select 'Disable administration anti-lockout rule' -> Save
System -> Configuration -> Backups -> click 'Download Configuration' -> Save
Interfaces -> [LAN]/[WAN] -> set 'IPv4 Configuration Type' = None -> Save
Apply Changes

Result:
        Bridge (bridge0)  -> v4: v4/DHCP4: 192.168.50.200/32
        LAN (igb1)  ->
        OPT1 (igb2) -> v4: 192.168.50.201/32
        OPT2 (igb3) -> v4: 192.168.50.202/32
        WAN (igb0)  ->

Plug Laptop into LAN:  Has internet and IP = 192.168.50.12, can't access 192.168.50.200 (error: The connection has timed out) or 192.168.50.201/202 (error: Unable to connect)
Plug Laptop into OPT1:  No internet and doesn't get IP
Plug Laptop into OPT2:  No internet and doesn't get IP
Plug Laptop into switch:  Has internet and IP = 192.168.50.12, can't access 192.168.50.200 (error: The connection has timed out), 192.168.50.201/202 (error: Unable to connect)

I tried the same steps as above but using /24 instead of /32 for the Static IPv4s.  The results were the exact same.
I tried the same steps as above but setting the following, but the results were the exact same:  Interfaces -> [Bridge] -> select 'Enable Interface', IPv4 Configuration Type = DHCP

I don't know networking/firewalls virtually at all, so I'm probably missing something very simple/basic, but I can't figure out what it is.  Any help would be greatly appreciated.