OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Strator »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Strator

Pages: [1] 2
1
General Discussion / Re: mDNS Relay Issues with OPNsense and FritzBox Exposed Host Setup
« on: October 25, 2024, 11:14:20 pm »
Quote from: Tibor on October 25, 2024, 10:54:53 pm
Quote from: Strator on October 25, 2024, 04:46:49 pm
@Tibor

That looks like an out-of-the-box idea to me. You have NAT on WAN, right? I don't think the mDNS repeater can work with it. Also, mDNS was designed for local networks and, although it uses multicast, it does not work the same as IGMP.

Yes I have NAT on it. Do you mean without NAT it could perhaps working?

Well, there is also a firewall there. mDNS creates a lot of traffic. The repeater makes it even worse. mDNS traffic can be easily taken as a DoS attack by the firewall. Some other unexpected rules may not like it, either. If I were you, I would forget about this idea.

2
General Discussion / Re: mDNS Relay Issues with OPNsense and FritzBox Exposed Host Setup
« on: October 25, 2024, 04:46:49 pm »
@Tibor

That looks like an out-of-the-box idea to me. You have NAT on WAN, right? I don't think the mDNS repeater can work with it. Also, mDNS was designed for local networks and, although it uses multicast, it does not work the same as IGMP.

3
24.7 Production Series / Re: Configuration help needed
« on: October 24, 2024, 06:36:10 am »
@glen4cindy

OPNsense does work as a transparent firewall. That's how I use it.

The only IP address you should have there is on LAN for management. Set a static IP address for it. You can connect OPNsense LAN directly to some management PC or your switch. The latter is a more flexible setup.

You can put that transparent firewall between your modem and router or between your router and switch.

Forget the instructions found on Dave's Garage. They are inconsistent. Follow instructions from Zenarmor. Just notice that "LAN" (uppercase) means there a local network. They use lowercase for OPNsense interfaces (wan, lan and opt1).

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

4
24.7 Production Series / Re: Configuration help needed
« on: October 22, 2024, 07:22:14 pm »
Quote from: viragomann on October 22, 2024, 02:17:42 pm
Quote from: glen4cindy on October 14, 2024, 04:39:48 am
After everything was configured and working, I moved LAN and WAN so it was between my modem and router. .
Which subnet is this?
How is your router accessing the internet?

You said, you assigned an IP to the bridge interface, which? Which subnet?
Which IP has OPT1?

Do not bridge WAN with LAN. LAN is configured for management. Keep it that way. Instead, bridge WAN with OPT1.

5
General Discussion / Re: Can't Update OPNSense after successful "transparent bridge" set up.
« on: August 27, 2024, 07:02:58 pm »
I have an OOB network, too, but I don't really use it since I have only 3 devices that can be connected to it. Instead, I use a protected VLAN for the management tasks and that's where my OPNsense management interface is connected to.

OOP means routing disabled and no connection to any other network so, if you connected your OPNsense management interface to it, you would not be able to access Internet from it.

6
General Discussion / Re: Can't Update OPNSense after successful "transparent bridge" set up.
« on: August 27, 2024, 05:37:26 pm »
As I said in my first message, you need to treat the OPNsense management interface like any other client device on your internal network. The management interface cannot access Internet through the bridge directly. It can access Internet only through the internal network which, of course, itself needs to have access to Internet.

I have modified one of the diagrams from that article hoping that it will help you. Take a look at the attachment.


7
General Discussion / Re: Can't Update OPNSense after successful "transparent bridge" set up.
« on: August 27, 2024, 12:30:10 am »
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

8
General Discussion / Re: Can't Update OPNSense after successful "transparent bridge" set up.
« on: August 26, 2024, 05:35:07 pm »
I'm not sure why you've provided this information. I was writing about subnets, not physical interfaces. The only thing I can add to my previous message is that you need to use the OPNsense LAN for your management interfaces. If you bridged the OPNsense WAN with LAN and used some OPT for the management interfaces, you need to change it. Bridge WAN with OPT and, again, use LAN for the management interface. Good luck.


9
General Discussion / Re: Can't Update OPNSense after successful "transparent bridge" set up.
« on: August 25, 2024, 09:50:22 pm »
The OPNsense management side needs to have access to Interent to receive updates. Your IP configuration doesn't look right.

If you configure OPNsense as a transparent firewall, you should have only one subnet on it. That subnet should be on your internal network and have access to Internet. The OPNsense management side should be treated just like any other endpoint device on that network. The OPNsense management interfaces should have an IP address on the subnet and the OPNsense gateway should be set to the IP address of the gateway in the subnet.

10
General Discussion / Re: New setup - tagged vlan for default LAN interface
« on: August 07, 2024, 12:20:43 am »
The OPNsense parent interface is your untagged VLAN on the switch, i.e. the native VLAN of the trunk. Child interfaces will be your tagged VLANs.

11
General Discussion / Re: Transparant Bridge mode
« on: August 07, 2024, 12:08:27 am »
Quote from: ldanna1945 on August 05, 2024, 07:46:07 pm
Trying to access OPNsense web GUI. in transparent bridge mode. Connections are as follows.
WAN connection from Modem to WAN connection on OPNSense 1x1.  the  LAN connection 1x0 on OPNSense to the WAN in on the router. LAN out from router to a switch. My computer connected to the switch.  Access to internet works at this point indicating bridge is working.
I connected third  NIC  on OPNSense 1x2  to the switch and configured the connection in OPNsense via serial CLI to be configured via DHCP.
OPNSense got an address of 192.168.1.168 from the router. My computer has an address of 192.168.1.166.  Ping to internet is successful. Ping to 1x2 address 192.168.1.168 failed and I cannot access web GUI.

So what am I doing wrong or is there another configuration I should try.

Thanks

LArry

Use the OPNsense LAN as the management interface, i.e. connect it to the switch. Connect the extra third NIC to the router WAN. Bridge the OPNsense WAN and the third NIC (OPT1). Do it exactly as described here.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

It works.

12
General Discussion / Re: Static Routing vs Firewall based
« on: June 04, 2024, 04:04:26 am »
Do you mean the routing based on a routing table vs PBR (Policy Based Routing)? Note that there are dynamic routing protocols which use routing tables. Anyway, there is always a routing table and I think using PBR should be avoided. PBR is like using "GOTO" in the old days of computer programming.

13
General Discussion / Re: [SOLVED] Can't connect to Web GUI after trying to implement Transparent Bridge
« on: May 13, 2024, 12:36:24 am »
That's not the best video. It keeps mixing a mini-pc with 2 NICs with one with 4 NICs. I think he used a 4-NIC mini-pc in the end. You can add another NIC by attaching a RJ45 USB adapter and using it for OPT1.

Follow these instructions instead.
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

14
General Discussion / Re: Can't connect to Web GUI after trying to implement Transparent Filtering Bridge
« on: May 10, 2024, 03:10:05 am »
Make sure the upstream gateway is set up correctly. My OPNsense interface is on my management VLAN and the VLAN's SVI is the gateway. This gives OPNsense access to my local network and Internet. I have Unbound DNS enabled with some block lists and no other custom DNS setting on OPNsense, so OPNsense uses it for Internet address resolution. For my local devices, I have 2 other DNS servers which use the OPNsense DNS as a forwarder.

15
General Discussion / Re: Looking for some guidance on a new network setup
« on: May 08, 2024, 06:43:05 pm »
When you go VM and VLAN, there is a psychical layer and logical layer. The way I approach it, I design my network in the logical layer first and than I try to implement it in the physical layer. The physical layer usually have some limitations that force me to make adjustments to the logical layer.

If I wanted to get any sound advice about my network setup, I would present both views of my network, and include the capabilities of the involved devices.

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2