General Discussion / Clean install won't allow internal VLANs to connect to internet
« on: May 27, 2019, 07:19:27 am »
Howdy,
My internal network has 5 VLANs:
192.168.1.0/24 - management VLAN
192.168.10.0/24 - main VLAN - opnsense has its LAN IP in this one.
192.168.20.0/24 - storage VLAN
192.168.30.0/24 - wifi VLAN
192.168.40.0/24 - telephony VLAN
The opnsense firewall has its internal LAN IP set to 192.168.10.1, so it's in the .10.0/24 (aka main VLAN) and, as such, all the devices on that VLAN are able to connect to the internet with no problem - right after the clean install of opnsense, with no additional firewall rules.
Now the tricky part: for the rest of the VLANs (at least in pfsense) I used to create a GW pointing to the switch's main IP (192.168.10.254) and add static routes to instruct the pfsense to send the replies for those VLAN networks through the newly added GW IP (the 192.168.10.254 one). The last step would be to add firewall rules on the LAN interface and allow the traffic to and from the said VLANs. After these steps all the devices in the network are capable of reaching the interwebz.
In opnsense, the same reproducible set up does not work. I've tried a clean install and the above steps twice and verified my logic, to no avail. The steps that function flawlessly in pfsense produce no good result in opnsense.
What strikes me is that the firewall live view log says that the Wifi VLAN requests are showing as if they are originating from the firewall itself and not from the internal network.
What am I missing here? Is the firewall setup different in OPNsense from what it was in pfsense?
I'd like very much to use opnsense so I could put to work the QoS prioritization wizard.
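As an added illustration (not part of the post above, and not OPNsense or pfsense code), the following Python models the routing side of the setup described: a longest-prefix-match lookup over a constructed table with the firewall's connected LAN, a default route out the WAN, and optionally the static routes via the switch at 192.168.10.254. It shows why those static routes are needed at all: without them, the firewall's reply to a host on the Wifi VLAN matches only the default route and is sent towards the WAN gateway instead of back to the switch. The interface and gateway names are placeholders; the firewall rules and NAT from the post are not modelled.

```python
import ipaddress

# Constructed model of the topology in the post. A route is
# (prefix, next_hop, interface); next_hop None means directly connected.
FIREWALL_LAN = "192.168.10.0/24"      # OPNsense LAN, 192.168.10.1
SWITCH_IP = "192.168.10.254"          # L3 switch, gateway for the other VLANs
WAN_GATEWAY = "WAN_GATEWAY"           # placeholder for the ISP next hop
VLANS_BEHIND_SWITCH = [
    "192.168.1.0/24",    # management
    "192.168.20.0/24",   # storage
    "192.168.30.0/24",   # wifi
    "192.168.40.0/24",   # telephony
]


def build_table(with_static_routes):
    """Routing table as the firewall would hold it, with or without the
    static routes pointing the VLAN subnets at the switch."""
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), WAN_GATEWAY, "wan"),
        (ipaddress.ip_network(FIREWALL_LAN), None, "lan"),
    ]
    if with_static_routes:
        for net in VLANS_BEHIND_SWITCH:
            table.append((ipaddress.ip_network(net), SWITCH_IP, "lan"))
    return table


def lookup(table, dst):
    """Longest-prefix match for dst; returns (interface, next_hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop, iface)
    return best[2], best[1]


if __name__ == "__main__":
    wifi_host = "192.168.30.25"   # constructed client on the wifi VLAN
    print("no static routes:", lookup(build_table(False), wifi_host))
    print("with static routes:", lookup(build_table(True), wifi_host))
```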