General Discussion / Need help accessing a server on a bridged interface
« on: September 02, 2024, 08:55:57 pm »
First some background to why I'm trying to do such an odd setup.
At work, we're currently using a SonicWall TZ350 but would like to switch over to opnsense.
Right now the SonicWall is configured to have WAN on one interface, and LAN with a NAT on another interface (as one would expect). Then there's an additional interface configured to be in "Transparent IP Mode" as SonicWall refers to it. Basically, it's allowing us to have a server be assigned a public IP address directly. To me, this sounds an awful lot like a bridge, but if a bridge is the wrong way to do this, let me know.
Right now I have opnsense configured with: a physical LAN interface, physical WAN interface, physical SERVER interface, and a logical WAN_BRIDGE interface that is a bridge of the WAN and SERVER interfaces.
The WAN_BRIDGE is essentially acting as my new WAN interface, and is how everything is reaching the internet right now.
LAN still has a standard NAT and devices on that network can access the internet as normal.
I've got a web server directly connected to the SERVER interface, and it is able to access the internet using the WAN_BRIDGE interface. I can also access the server from outside my network.
The problem I'm having right now (and I'm sure is probably something to do with an outbound NAT rule or just a firewall rule), is devices on the LAN network are unable to access the server that's connected to the WAN_BRIDGE network. Pinging the server works, but I strongly suspect that's just the opnsense firewall responding to pings.
Any help or pointers on how to access that server from LAN would be super appreciated!