Messages - thetibetantr

#1
General Discussion / Re: Confused
May 21, 2025, 09:14:01 PM
You pointed me in the right direction.  host12 has two default routes:  one to 3.1 (the lan gateway) & one to 1.1 (the wifi gateway).  Apparently, RHEL 9 handles the networks during installation differently than RHEL 8 does.  Now I have to figure out what RHEL 9 is doing differently.

Thanks for pointing me in the right direction.
#2
General Discussion / Confused
May 21, 2025, 07:28:52 PM
I have servers on my LAN interface that I want to administer from my desktop on the WIFI interface. I set a floating rule that should allow my desktop to go to any interface. The default LAN rule should allow the servers on the LAN to go anywhere. I can ping any host on the LAN except host12. Host12 can ping the desktop. Other hosts on the LAN can ping host12. Traceroute shows that my desktop makes it to the wifi interface of the opnsense router; but then it dies.

I turned off the firewalls on host1 & my desktop so they are not the issue. The log files for both the one that works and the one that doesn't look the same.

Any suggestions on how to track down this problem?

LAN 2025-05-21T11:30:54-04:00 172.16.1.8 172.16.3.12 icmp
WIFI 2025-05-21T11:30:54-04:00 172.16.1.8 172.16.3.12 icmp
LAN 2025-05-21T11:30:46-04:00 172.16.1.8 172.16.3.14 icmp
WIFI 2025-05-21T11:30:46-04:00 172.16.1.8 172.16.3.14 icmp
#3
Tutorials and FAQs / Static IPv6 on Comcast network.
September 25, 2024, 08:59:47 PM
I am having trouble setting up a static IPv6 on Comcast.  I have a business account and they told me I was assigned 2603:XXX:YYY:ZZZ::/56.  Everything I have read online says that I should set the WAN interface to DHCPv6 and the prefix delegation size to "56".   When I do that I see the following on the Comcast modem:

Internet: Active
WAN IP Address (IPv6): 2001:558:6031:70:a59d:4c3:f6fc:ce79
WAN Default Gateway Address (IPv6): fe80::201:5cff:fea9:5246
Delegated prefix (IPv6): 2601:980:c300:4f0::/64
WAN Link Local Address (IPv6): fe80::fad2:acff:fe94:16a
DHCP Client (IPv6): Enabled


And the WAN interface shows:

# ifconfig em0
em0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN (wan)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
ether 52:54:00:23:cf:af
inet 50.76.207.253 netmask 0xfffffff8 broadcast 50.76.207.255
inet6 fe80::5054:ff:fe23:cfaf%em0 prefixlen 64 scopeid 0x1
inet6 2601:980:c300:4f0:5054:ff:fe23:cfaf prefixlen 64 autoconf pltime 300 vltime 300
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


I have also set a VLAN interface's "IPV6 configuration Type" to "tracking". 

The VLAN only shows a link-local IPv6 address.

Is there a HOW-TO for configuring a static IPv6 that doesn't use DHCP to get the address?
#4
Here is my routing table from ipfire:

[root@ipfire ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         50.76.207.254   0.0.0.0         UG    0      0        0 red0
50.76.207.248   0.0.0.0         255.255.255.248 U     0      0        0 red0
50.76.207.254   0.0.0.0         255.255.255.255 UH    0      0        0 red0
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 blue0
172.16.3.0      0.0.0.0         255.255.255.0   U     0      0        0 green0


The main difference I see is that every interface shows the default gateway as the gateway.

Is there a way to do something similar in opnsense?
#5
I can see how that would work.  However, it doesn't clear up my confusion.  The first rule:

Protocol  Source    Port  Destination  Port  Gateway  Schedule  Description
IPv4 *    WIFI net  *     WAN net      *     *        *

should send all non-WIFI net traffic to the WAN interface which has x.x.x.254 as the default route.

root@opnsense:~ # netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            50.76.207.254      UGS         em0
50.76.207.248/29   link#1             U           em0
172.16.1.0/24      link#3             U           em2
172.16.1.1         link#5             UHS         lo0
172.16.3.0/24      link#2             U           em1
172.16.3.1         link#5             UHS         lo0


What am I missing?
#6
The question relates to WIFI <==> WAN.  I want hosts on the WIFI to be able to access the internet without being able to access the LAN.  That is what I thought the first rule was supposed to do.  So far, I am only able to have the WIFI hosts access the internet if I enable the third rule which allows the WIFI hosts to also access the LAN.
#7
x.x.x.254 is defined as the default gateway.  Shouldn't any traffic that is not on any of my local nets automatically go to x.x.x.254?  That is what Ipfire does?
#8
General Discussion / Confused about firewall rules.
August 27, 2024, 07:57:44 PM
I am trying to replace an Ipfire router/firewall with OpnSense and I am having  problems with the firewall rules.

At the moment, everything has a static IP and I have 4 interfaces: WAN, LAN, DMZ, and WIFI.  My WAN configuration is:

opnsense x.x.x.253 ------ x.x.x.254 comcast

The LAN works as expected.  I am having problems with the WIFI network.  I put 3 rules in the WIFI firewall rules:

Protocol  Source    Port  Destination  Port  Gateway  Schedule  Description
IPv4 *    WIFI net  *     WAN net      *     *        *
IPv4 *    WIFI net  *     WIFI net     *     *        *
IPv4 *    WIFI net  *     *            *     *        *

With all 3 rules enabled, a host on the WIFI network can access the internet.  If I disable the last rule, a host on the WIFI network can no longer get to the internet.  But, it can ping the WIFI interface, the x.x.x.253 interface, and the x.x.x.254 interface.  It just can't reach anything beyond the 254 interface.

Any idea what I may have misconfigured?