General Discussion / Configuring outbound access for multiple subnets on a layer 3 switch
« on: May 16, 2019, 05:21:54 am »
All,
I've got OPNsense up and running, and behind it I have a Ubiquiti layer 3 switch.
I struggled for a while, but finally figured out that I needed to add a rule on the firewall to allow a subnet access to the firewall.
So far, I have this:
Internet <> OpnSense <172.31.255.0/24 > Ubiquiti <172.31.120.0/24
Hosts on the 120.0 subnet can get to, but not beyond, the firewall. By this I mean that from a host on the 120.0 subnet, I can ping and log in to the OPNsense box via ssh/https, but I can't ping e.g. 8.8.8.8, nor get DNS requests from 8.8.8.8. I see lots of denies from the default deny rule for these hosts.
Requests for configs happily provided; I've got the config XML file available for perusal.
Thanks,
Kurt