Messages - Benderisgreat

#1
25.1, 25.4 Series / Re: VLan configuration question
March 08, 2025, 11:45:28 PM
Great, thank you. Currently I only need the four interfaces on the server, so it's all cool. For now :-)
#2
25.1, 25.4 Series / Re: VLan configuration question
March 08, 2025, 11:09:42 PM
Yeah, they are physical NICs in the server.
Does VLAN offer anything over NIC?

And also, I suppose I just create rules in OPNsense to isolate the interfaces?
#3
25.1, 25.4 Series / VLan configuration question
March 08, 2025, 05:45:18 PM
Hey, new setup of OPNsense and I want to segregate my web-facing servers from my internals.

I want to put all of the internet-facing servers in a VLAN using OPNsense, allowing segregation from my internal servers.

I have Proxmox on an HP ProLiant server, configured as below:

Internet -- Eth 0 (OPNsense WAN)
Eth 1 -- Managed switch (OPNsense LAN)
Eth 2 -- Managed switch (segregated servers)
Eth 3 -- Managed switch (internal servers)

My question is: do I add Eth 2 as an interface and then create a VLAN and use Eth 2 as the parent?

Or do I add a new VLAN and use Eth 1 as the parent?

Will this then segregate Eth 3 and Eth 2 traffic, or do I need to add rules?

Also, can I have Eth 2 on a different subnet vs Eth 3, e.g. 10.0.10.x and 192.168.1.x? This just helps me remember where I am when I am logged in to each server.

Side note - I have managed to use rules to block traffic from Eth 2 to Eth 3, but this doesn't seem efficient or safe / right to do.

Thanks for the help
BiG
#4
24.7, 24.10 Legacy Series / Re: Port forwarding woes
March 07, 2025, 11:49:40 AM
Closed - OP was being dense. Forgot to add a gateway to the server... Traffic was getting in but the server couldn't respond 😬😞
#5
24.7, 24.10 Legacy Series / Re: Port forwarding woes
March 07, 2025, 11:10:08 AM
Update:

Updated to 25.1 and cross posted there too.
#6
25.1, 25.4 Series / Port forwarding woes (update)
March 07, 2025, 11:09:42 AM
Hi

(Note just updated to 25.1, cross post from 24.7)

Just switched from a physical router and Pi-hole for my routing/firewall/DNS solution.

I have all my routing set up and the firewall config is OK.

I am now trying to set up port forwards, which on my Asus router was a doddle.

I am currently using Proxmox on a 19" server with 4x Ethernet:

1x OPNsense WAN
1x OPNsense LAN
1x Private servers
1x Internet-facing servers

I am using a managed switch which will be used to VLAN the physical Ethernet port.

What I want to ultimately have is my internet-facing services (game servers, photo servers, wiki etc.) on a VLAN, isolated from internal servers.

So to try this out I have created a new VM and used the Private server Ethernet device. This works and I can reach the new server from inside the network.

I tag the Ethernet device with a different VLAN tag and I can no longer see the server.

Now to the port forwarding part.
For all of this I have switched off VLANs and all servers are on the same VLAN.

So I have set up a new NAT port forward:

Interface: WAN
TCP: IPv4
Protocol: TCP
Destination: WAN net
Destination port: from 4444 to 4444
Redirect IP: 192.168.x.y
Redirect port: 88 (listened on by Apache for test)
NAT reflection: enable
Filter rule association: None

And added a new rule:
Action: Pass
Quick: True
Interface: wan
Direction: in
TCP: IPv4
Protocol: TCP
Source/Invert: false
Source: Any
Destination/Invert: false
Destination: single host = 192.168.x.y/24
Destination port range: from 88 to 88
No XML: disabled
Gateway: default
Advanced: all default

Now I can see the server from inside the network fine; going to 192.168.x.y:88 takes me to the server.

However, going to my public IP:4444 causes a timeout.

I look in the firewall log and can see that my redirect rule has kicked in, that the inbound rule is working (green entry in the firewall log), and that the outbound "let out anything from firewall host itself" rule has kicked in (green entry in the firewall log).
But my device (mobile phone) does not see the server page!

Any thoughts? I have tried lots of different options!

Thanks, BiG
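Added example, not part of the forum thread: a small Python simulation of the server's return path that reproduces the symptom in this post and the root cause admitted in the "Port forwarding woes" closure (no gateway on the server). The addresses are constructed stand-ins for the post's 192.168.x.y; the hop selection is plain longest-prefix match, not OPNsense's own routing code.

```python
import ipaddress

# Constructed sample addresses (assumption): the forwarded-to server, the
# OPNsense LAN address, a LAN client and an Internet client (TEST-NET-3).
SERVER_IP = ipaddress.ip_address("192.168.1.50")
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.1.1")
LAN_CLIENT = ipaddress.ip_address("192.168.1.20")
INTERNET_CLIENT = ipaddress.ip_address("203.0.113.7")

# Routing table as the server had it: only the connected /24, no default route.
ROUTES_NO_GATEWAY = [("192.168.1.0/24", None)]
# Routing table after the fix: default route via the OPNsense LAN address.
ROUTES_WITH_GATEWAY = ROUTES_NO_GATEWAY + [("0.0.0.0/0", FIREWALL_LAN_IP)]


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.

    gateway None means the prefix is on-link. Returns "on-link", the gateway
    address as a string, or None when no route matches the destination.
    """
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return "on-link" if best[1] is None else str(best[1])


def reply_path(routes, client):
    """Where the server's SYN-ACK goes for a SYN that arrived via the forward.

    The WAN-side NAT rewrote the destination to SERVER_IP:88, but the source
    is still the client's real address, so the reply is routed towards it.
    """
    return next_hop(routes, client)


def diagnose(routes, client):
    hop = reply_path(routes, client)
    if hop is None:
        return f"reply to {client} has no route: the SYN-ACK never leaves the server"
    return f"reply to {client} via {hop}"


if __name__ == "__main__":
    for table in (ROUTES_NO_GATEWAY, ROUTES_WITH_GATEWAY):
        for client in (LAN_CLIENT, INTERNET_CLIENT):
            print(diagnose(table, client))
```

The firewall log shows a green pass for the inbound SYN in both tables, because the forward itself is fine; only the second table lets the server answer an Internet client.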