Messages - giuliopaci

#1
General Discussion / Multihomed bridge
August 22, 2025, 06:11:56 PM
Hi all,
I am new to OPNsense and I am trying to configure a small network with it.

The ISP CPE modem is multihomed (public network X, with X gateway, public network Y, with Y gateway, private network Z, with Z gateway).

I have an OPNsense router that I physically connected to the ISP CPE modem on one interface and to an internal switch on another interface. The ISP CPE modem is connected to the internet, and the X and Y networks are configured to be reachable from outside.

I would like to allow devices on VLAN 1000, attached to the switch, to use addresses from the Y network and be accessible from outside, and to use an address from the X network for the router. I also want to use port forwarding on the router's X address.

I decided to create a bridge between VLAN 1000 and ISP CPE modem, and assign WAN to it.

So:
  • I created PUBLIC (VLAN 1000, vlan0.1000) and MODEM (ISP CPE modem, igc0) interfaces
  • I created the bridge0 bridge on top of PUBLIC and MODEM (I also disabled pfil_member, enabled pfil_bridge and set the outbound NAT mode to hybrid)
  • I created WLAN (bridge0), I assigned IP from X and defined X gateway
  • I assigned some devices attached to VLAN 1000 IPs from Y and defined the Y gateway as their default
  • I created LEGACY (VLAN 100, vlan0.100) and assigned a private network to it, with the OPNsense router acting as gateway
  • I defined some port-forwarding rules (with reflection), mapping some services from the LEGACY network

Current situation is:
- I can access port-forwarded services and Y devices from internet;
- I can access port-forwarded services from LEGACY;
- I can access Y devices from the router itself;
- I cannot access Y devices from LEGACY: packets get SNATed to the X router address, but they do not reach the device;
- I cannot access port-forwarded services from Y devices: packets get DNATed to the internal address of the services, but they do not reach the service.

I have spent several hours trying to understand and solve the issue, but I have not been able to find a solution yet.

What can be the issue?
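The two failing cases above (LEGACY to Y devices, and Y devices to port-forwarded services) both involve a translated flow that crosses bridge0, so the first thing to check is what pf's state table says about those flows: on which interface the state was created, which way it points, whether the NAT translation is recorded, and whether the TCP handshake ever completes. The script below is an added example, not code from the original post or from OPNsense; it parses the line format that `pfctl -ss` prints on FreeBSD and reports the states that touch a given host. The sample state lines are constructed for the example, and the addresses in them (192.0.2.10 standing in for the router's X address, 198.51.100.30 for a Y device, 10.100.0.20 for a LEGACY host) are placeholders, not the poster's real networks.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One line of `pfctl -ss` output on FreeBSD looks like:
#   <ifname> <proto> <src> [(<translated src>)] -> <dst>   <state>
#   <ifname> <proto> <dst> <- <src>                        <state>
# The translated address in parentheses appears only when NAT applied.
STATE_RE = re.compile(r"^(?P<ifname>\S+)\s+(?P<proto>\S+)\s+(?P<rest>.+?)\s{2,}(?P<state>\S+)$")
NAT_RE = re.compile(r"^(?P<addr>\S+)\s+\((?P<nat>\S+)\)$")


@dataclass
class PfState:
    ifname: str          # interface the state is bound to (bridge0 vs. a member)
    proto: str
    direction: str       # "out" for "->", "in" for "<-"
    left: str            # address:port on the left side of the arrow
    nat: Optional[str]   # translated address:port, if pf applied NAT
    right: str           # address:port on the right side of the arrow
    state: str           # e.g. ESTABLISHED:ESTABLISHED or SYN_SENT:CLOSED


def parse_pf_states(text: str) -> List[PfState]:
    """Parse `pfctl -ss` output into PfState records, skipping lines it does not understand."""
    states = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STATE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if " -> " in rest:
            direction, (left, right) = "out", rest.split(" -> ", 1)
        elif " <- " in rest:
            direction, (left, right) = "in", rest.split(" <- ", 1)
        else:
            continue
        nat = None
        nm = NAT_RE.match(left)
        if nm:
            left, nat = nm.group("addr"), nm.group("nat")
        states.append(PfState(m.group("ifname"), m.group("proto"), direction, left, nat, right, m.group("state")))
    return states


def host_of(endpoint: str) -> str:
    """Strip the port from an address:port endpoint."""
    return endpoint.rsplit(":", 1)[0]


def states_for_host(states: List[PfState], host: str) -> List[PfState]:
    """All states in which `host` appears as original, translated, or peer address."""
    return [s for s in states if host in {host_of(s.left), host_of(s.right)} or (s.nat and host_of(s.nat) == host)]


def half_open(states: List[PfState]) -> List[PfState]:
    """TCP states whose handshake never completed: the SYN left, no SYN-ACK came back."""
    return [s for s in states if s.proto == "tcp" and s.state.startswith("SYN_SENT")]


# Constructed sample output (placeholder addresses, see lead-in), not captured from the poster's box.
SAMPLE_PFCTL_SS = """\
bridge0 tcp 10.100.0.20:50412 (192.0.2.10:50412) -> 198.51.100.30:22       SYN_SENT:CLOSED
bridge0 tcp 192.0.2.10:443 <- 198.51.100.30:41000       ESTABLISHED:ESTABLISHED
vlan0.100 tcp 10.100.0.20:50412 -> 198.51.100.30:22       SYN_SENT:CLOSED
"""


def report(text: str, host: str) -> List[str]:
    """Human-readable one-liners for every state that involves `host`."""
    lines = []
    for s in states_for_host(parse_pf_states(text), host):
        nat = f" (SNAT {s.nat})" if s.nat else ""
        lines.append(f"{s.ifname:10} {s.proto} {s.left}{nat} {'->' if s.direction == 'out' else '<-'} {s.right}  {s.state}")
    return lines


if __name__ == "__main__":
    import subprocess, sys
    # On the OPNsense box: python3 pfstates.py 198.51.100.30  (runs pfctl; needs root)
    # Without an argument it prints the constructed sample so the script runs anywhere.
    if len(sys.argv) > 1:
        out = subprocess.run(["pfctl", "-ss"], capture_output=True, text=True, check=True).stdout
        host = sys.argv[1]
    else:
        out, host = SAMPLE_PFCTL_SS, "198.51.100.30"
    print("\n".join(report(out, host)))
    print(f"half-open TCP states: {len(half_open(states_for_host(parse_pf_states(out), host)))}")
```

Reading the output for the LEGACY-to-Y case: a state on bridge0 showing the SNAT to the X address but stuck in SYN_SENT:CLOSED means pf translated and forwarded the SYN, and the answer never came back through a state it recognises. Pair that with `tcpdump -ni igc0 host <Y-device>` and `tcpdump -ni vlan0.1000 host <Y-device>` to see on which bridge member the SYN actually leaves and whether a SYN-ACK arrives at all; the same check applies to the DNATed flow from a Y device to a forwarded service, with the internal service address substituted.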