Messages - glen4cindy

#1
Quote from: viragomann on October 23, 2024, 09:49:07 AM
Quote from: glen4cindy on October 23, 2024, 03:52:56 AM
I assigned OPT1 an IP address within the same scope as my home network. The directions are not specific, but they say "to be able to configure and manage the filtering bridge (OPNsense) afterwards...." I assumed this IP would have to be one within my network.

192.168.86.x/24

/24 = 255.255.255.0 Correct?

Since you didn't state your network ranges before, I don't know.
If it's the LAN subnet behind the router, it's wrong. This would put the whole OPNsense bridge inside your LAN, which isn't what you want.

You might have a transit network between the router and the modem, where you put the firewall in between. I asked for it, but you didn't mention. OPNsense should have an IP inside this subnet, it should be defined on the bridge.

AND your bridge should only have two member interfaces. The OPT1 is useless for your purpose.

I'm a bit more confused now.

You mention "a transit network between the router and the modem" but the only thing between my router (which is Google Home WiFi) and my modem is an ethernet cable. My ISP has locked access to my modem once it is in operation. If I catch it during boot it has an IP address of 192.168.100.1 or 1.100 I can't remember which. Are you saying this is the IP range where the bridge needs to be?

The bridge does only have 2 member interfaces.

I have OPT1 because I followed step 4:

4. Assign a management IP/Interface
To be able to configure and manage the filtering bridge (OPNsense) afterwards, we will need to assign a new interface to the bridge and setup an IP address.

Go to Interfaces ‣ Assign ‣ Available network port, select the bridge from the list and hit +.

Now Add an IP address to the interface that you would like to use to manage the bridge. Go to Interfaces ‣ [OPT1], enable the interface and fill-in the ip/netmask.


When I followed a later suggestion here and used LAN for management and bridged WAN and OPT1 the bridge appeared to work and my wired network worked as well but the Google Home WiFi router lost connection and never locked again until I removed the NUC and put the cable directly into the cable modem. Rebooting each, and all 3 didn't resolve.
#2
Quote from: Strator on October 22, 2024, 07:22:14 PM

Do not bridge WAN with LAN. LAN is configured for management. Keep it that way. Instead, bridge WAN with OPT1.

I've followed these directions:

Create a bridge of LAN and WAN, go to Interfaces ‣ Other Types ‣ Bridge. Add Select LAN and WAN.

I've seen these same directions on multiple sites and after having all the problems I've been having I've started to wonder if either the directions are wrong or if OPNsense really can't be used in this way anymore.

This explanation makes perfect sense and it completely explains what is happening right now.

I've pulled the NUC and I did a factory reset and configured from the start again. I didn't bother with any firewall rules other than the OPT1 rules like I had read and then I tried again and failed again.

So I tried only connecting the OPT1 interface to my switch. Nothing. I rebooted it and tried again. Nothing. Even though the status screen showed for certain I had an IP on OPT1.

As soon as I connected LAN I was able to connect to management again.

I'm going to reconfigure it like this and give it a try. Thank you.
#3
Quote from: viragomann on October 22, 2024, 02:17:42 PM
Quote from: glen4cindy on October 14, 2024, 04:39:48 AM
After everything was configured and working, I moved LAN and WAN so it was between my modem and router.
Which subnet is this?
How is your router accessing the internet?

You said, you assigned an IP to the bridge interface, which? Which subnet?
Which IP has OPT1?

I assigned OPT1 an IP address within the same scope as my home network. The directions are not specific, but they say "to be able to configure and manage the filtering bridge (OPNsense) afterwards...." I assumed this IP would have to be one within my network.

192.168.86.x/24

/24 = 255.255.255.0 Correct?
#4
Quote from: Patrick M. Hausen on October 15, 2024, 08:44:45 AM
Quote from: glen4cindy on October 14, 2024, 04:39:48 AM
I am still able to access the internet on all of my devices but I am not able to access the management page at the IP address I configured for OPT1.

Did you connect your Desktop/Laptop to the OPT1 interface for management?

Up until today I have been connecting OPT1 to my network switch.

Today I tried as you suggested and connected a network cable from OPT1 to my laptop.

There was still no access.

I even tried adding an allow rule at the top of the firewall for OPT1:

Protocol any, ip4+ip6
Interface "bridge0"
Source "bridge0 net"
Destination "bridge0 net"

This did not produce any different results.
#5
Quote from: wickedllama on September 04, 2024, 02:45:36 PM
Quote from: dseven on September 04, 2024, 01:03:54 PM
I've not actually done this myself, but I believe all of those guides expect you to place the bridge on the LAN side of your existing (ISP) router - i.e. the WAN port of the opnsense box would be connected to the LAN port of the existing router, and the LAN port of the opnsense box would be connected to a LAN switch - so like Internet<->Router<->Bridge<->LAN.

I'm stuck getting mine working but everything I've read says the OPNsense box needs to go between the ISP modem and my router.

I have Google WiFi so if I put the OPNsense box AFTER the router it will only bridge wired traffic. Am I understanding that right?

My setup appears to work. I do not lose any access to the internet but I lose access to the management even though I have a static IP set and a 3rd NIC.
#6


According to the instructions I followed: "A transparent firewall filters traffic without requiring the creation of separate subnets."

The video I followed by Dave from Dave's Garage also described being able to plug this in or unplug it without making any changes to the network configuration.

Apparently that's where the "transparent" part comes in.

It makes it a bit more difficult that it's "headless" at this point. My next step is to reconnect a monitor and keyboard to the device and see what I can figure out from there.
#7
I have configured OPNsense as a transparent filtering bridge and have 3 interfaces assigned.
LAN, WAN, OPT1.

I used these instructions:

To be able to configure and manage the filtering bridge (OPNsense) afterwards, we will need to assign a new interface to the bridge and setup an IP address.

Go to Interfaces ‣ Assign ‣ Available network port, select the bridge from the list and hit +.

Now Add an IP address to the interface that you would like to use to manage the bridge. Go to Interfaces ‣ [OPT1], enable the interface and fill-in the ip/netmask.


While I was configuring everything, I had LAN and WAN connected between my router and my switch. Everything was working and I was seeing LAN traffic being filtered as expected. I could manage OPNsense using the IP address I configured for the OPT1 interface.

After everything was configured and working, I moved LAN and WAN so it was between my modem and router. This way it can filter all of my traffic. That's the intended purpose. I am still able to access the internet on all of my devices but I am not able to access the management page at the IP address I configured for OPT1.

So at this point I have no way to manage OPNsense. It's working but I can't access it unless I move it back to its previous position between the router and the switch. This will only filter wired traffic.

I must be missing something. Help is appreciated.

#8
General Discussion / Cannot access management page
September 02, 2024, 07:00:51 PM
I went through the tutorial for configuring OPNsense as a transparent filtering bridge.

Once I had it configured I connected it between my modem and router.

I did configure the 3rd port as management and assigned a static IP to it.

I cannot ping or access the management page using that IP address nor can I access it using the static IP address I was using before I moved it ahead of the router.

I'm sure I've probably missed something somewhere but I could use some guidance.

The filtering bridge is "working" because during the initial configuration it was configured to pass everything.

Thanks in advance.