Messages - domidam

#1
Hi there,

I am trying to set up a transparent filtering bridge on my home network. My topology is as follows: Modem -> Firewall -> Router.

After much frustration and confusion, I set up a dedicated MGMT port, with a small DHCP pool of about 10 addresses and a static IP of 192.168.1.2. While I would like to be able to access the firewall from my LAN through the MGMT port, it suffices for now and I can configure everything as I need to. The issue I am having is that even after I double-checked that I followed OPNsense's documentation on the subject correctly, I am not able to communicate to the outside internet. WAN and LAN are both there, and the bridge is there and enabled. I believe I set the firewall rules correctly on all three interfaces, but still, no dice. When I connect everything up, my router displays an error saying that my "ISPs DHCP Service isn't working". My hunch is that I missed something in the configuration of the firewall that prevents the passthrough of the necessary DHCP data to my router, or due to my model of router (ASUS RX-AT82U v2) I need to put the router into a different mode for the bridge to properly work. However, both of these are just guesses. I have attached some pictures of my settings to see if anyone can spot anything... Thank you in advance!

https://imgur.com/a/h059gW2

I had to use IMGUR because the attachments were too large.
#2
Quote from: domidam on June 18, 2024, 06:13:43 PM
So I restored the config from a backup and changed the MGMT address to 192.168.2.1. Everything broke. I thought I would need to update my firewall rules accordingly, but either there is nothing to change or I am not seeing the thing I need to change.

That being said, there could just totally be one setting or something that I am missing. Any other suggestions?
#3
So I restored the config from a backup and changed the MGMT address to 192.168.2.1. Everything broke. I thought I would need to update my firewall rules accordingly, but either there is nothing to change or I am not seeing the thing I need to change.
#4
What do you suggest I do?
#5
Hi there,

Thanks for getting back to me, so I'll explain the interfaces I have going on. I have 2 USB to Gigabit Ethernet adapters acting as my WAN and LAN ports respectively. For the MGMT port I am using the built-in Gigabit Ethernet. I want the address for this MGMT port to be 192.168.1.2 since my router is 192.168.1.1.

I did not configure any VLANs or DHCP, at least at this point, because it's in my lab. After troubleshooting some more and resetting a few more times I was able to get into the GUI via the LAN, then add a MGMT interface and set the necessary firewall rules to enable the GUI on said interface. I saw this happen live as it switched to the login screen because I had 192.168.1.2 open on another screen. Now here's where it gets super funky. I went ahead and tried to enable the bridge. I got to the point where I created the bridge and confirmed it. But then it broke again; this time it wasn't just the firewall, it was my entire network. Even those on the wifi not physically attached to my router or switch would not reach the internet. I thought I saw a DNS related error but I'm not 100% sure. I was able to fix the issue by simply just shutting off the box and the network came back. I can see how this sort of thing could happen when I move it into its final position, but while in my lab, I shouldn't break my entire network. I am at a complete loss as to what is going on here. I did make a backup of the configuration before I made the bridge so I should be able to get back to where I was.

I hope I cleared some things up.
#6
Hello Everyone,

I seem to just not have any luck when it comes to this OPNsense. The software has been nothing but trouble for me and I am determined to figure it out. I have installed OPNsense on a Dell Optiplex Micro that I have lying around. I am specifically trying to set it up as a transparent filtering bridge so that all of the packets coming into my network are inspected before they hit my router. So it would go (MODEM - FIREWALL - ROUTER). However, this seems to be too large of a task. For the life of me, I could not get into the GUI interface to make the bridge, even with a 3rd connection set up as a management port. So I decided to backtrack and go more simple. I brought the firewall up to my homelab and connected it to my Ethernet port in my room, which is directly connected to the router. I re-run the setup and the auto-detector picks up just a WAN address. This address is within my local subnet, which makes sense, so I go to that address in Edge and am able to enter the GUI.

Next, I started to follow the guide to set up the bridge. Because no LAN port was auto-detected I manually created one and began following the steps to make the bridge. Everything went well until I applied the changes disabling BOGON networks. It was at this point that I lost access to the GUI. After learning about what BOGON networks are, losing access to the GUI made sense. They were local addresses. I took a break and thought about it for a while. I then had the idea to make an MGMT interface and connect through that, so whenever I make changes to the WAN/LAN bridge I should still be connected. However, for whatever reason, as soon as I apply the changes that create and enable a new MGMT interface I lose access to the GUI.

The only way I have found to regain access is to factory reset the system and then log in using the new WAN address that it picks up. I should probably mention that the other two interfaces, LAN and MGMT, are connected to an 8-port basic switch, just so that no matter how it has to do it, it can somehow reach back to my router. I think this is where at least part of my problem lies. However, I don't even know of any other ways I can test it, with all of the ports I am going to use connected.

I have a feeling that the answer is so simple, a mismatched address or a wrong setting, but I cannot figure it out for the life of me. Hopefully, someone can help! Please let me know if I missed anything or have any questions!