Messages

Thanks for the reply lucifercipher,

I did try with various static routes with no success.  However, the easiest solution in the end was to set up a basic debian/ubuntu box (which does allow non-reachable gateways (but only post-installation)) to act as a NAT point and blindly forwards traffic both ways.  Then attached to this is OPNSense as usual.

I've just started using a dedicated server from OVH with ESXi, with an additional IP address.  The additional IP address is assigned by ovh, and they also give a MAC address, which I have to set on the virtual machine running OPNsense (all of which is fine).  However, the gateway you have to use for this additional IP address, *must* be the gateway of the network that the ESX host itself is sitting on.  They explain it here: http://help.ovh.co.uk/BridgeClient

OPNsense doesn't allow a gateway which is not on the WAN subnet, so to make it work I added the following routing commands in /usr/local/etc/rc, immediately before the 'exit 0' at the end.

Code Select Expand

route add -net 12.34.56.78 -iface vmx1
route add default 12.34.56.78

This now allows the OPNsense machine to access the Internet etc.  However, a client on the LAN side of OPNsense cannot.  Using tcpdump I can see the ping packets from the LAN client, hitting the WAN interface of OPNsense, but nothing after that.

Is there anything I can do to get this situation working?

Many thanks,
Steve