Messages - GorillaArms

1
General Discussion / Re: Multi-Level Configuration
« on: July 26, 2018, 01:51:12 am »
Bart, no it doesn't.  The internet router only sees the 192.* addresses.  I can certainly try setting a static route there for all 10.* addresses to route back to the opnsense device.  Thoughts?

2
General Discussion / Multi-Level Configuration
« on: July 25, 2018, 12:49:25 pm »
This may appear to be somewhat of a bizarre configuration, but it has some utility given my needs.  I'm running OPNSense 18.1 as a frontend firewall which handles traffic/DHCP for a private LAN.  One of the private LAN clients is also a gateway to a separate private LAN that is utilized for a different purpose.  The network looks like this:

- External Internet connected to a router
- Router generates 192.168.5.* addresses for clients
- OPNSense Firewall is a client to the router (the only client) and generates 192.168.1.* addresses for clients
- There is an OSX Server client (192.168.1.102) behind OPNSense (there are multiple clients) that serves as a gateway to another private LAN.  The OSX Server generates addresses of 10.0.0.* for its clients. 

INET -> Router -- 192.168.5.* --> OPNSense Firewall -- 192.168.1.* --> OSX Client -- 10.0.0.* --> Private LAN

So... everything works until you get to the 10.0.0.* private LAN.  The OPNSense firewall and the OSX Client can see the outside internet.  However, the 10.0.0.* clients cannot.  I checked the OPNSense firewall logs and it was blocking all traffic from the 10.0.0.* range, as these addresses were not within range of the OPNSense LAN (192.168.1.*).  I created a network alias for the 10.0.0.* range and created a firewall rule to permit traffic from that alias.  The firewall becomes happy again and starts routing traffic forwarded (NAT) from the 10.0.0.* range.  However, I don't believe OPNSense is correctly routing any packets back to the OSX client to NAT for the 10.0.0.* clients.  E.g., when client 10.0.0.2 requests "google.com" on port 80, I see the request go out through OPNSense, but the return is dropped somewhere (at least I believe it is).

Given that there are multiple clients residing behind OPNSense, I'm not sure that I can generate a static route... or is this not the case?  Any thoughts on my goofy setup?
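The return-path behaviour described in this post, modelled as an added example (not the poster's configuration and not OPNsense code): a longest-prefix lookup over an assumed route table for the firewall shows that a reply to 10.0.0.2 follows the default route out the WAN unless the firewall itself has a static route for 10.0.0.0/24 via the OSX client at 192.168.1.102. The internet router's address 192.168.5.1 and the `with_static_route` helper are assumptions.

```python
import ipaddress

# Constructed model of the firewall's route table as the post describes the
# topology; the 192.168.5.1 next hop for the internet router is an assumption.
BASE_ROUTES = [
    ("192.168.5.0/24", None, "wan"),        # directly connected, towards the router
    ("192.168.1.0/24", None, "lan"),        # directly connected, the OPNsense LAN
    ("0.0.0.0/0", "192.168.5.1", "wan"),    # default route via the internet router
]

def lookup(dst, routes):
    """Longest-prefix match. Returns (next_hop, interface); next_hop is None
    when the destination is on a directly connected network."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def with_static_route(routes, prefix, via):
    """Hypothetical helper (not an OPNsense API): return a copy of routes with
    a static route added. The gateway must sit on a directly connected network,
    and that network's interface becomes the egress interface."""
    hop, iface = lookup(via, routes)
    if hop is not None:
        raise ValueError(f"gateway {via} is not on a directly connected network")
    return routes + [(prefix, via, iface)]

def reply_is_symmetric(client_ip, ingress_iface, routes):
    """True when a reply to client_ip leaves on the interface its request
    arrived on; a stateful firewall expects this for return traffic."""
    _, egress = lookup(client_ip, routes)
    return egress == ingress_iface

if __name__ == "__main__":
    # Request from 10.0.0.2 enters on LAN (forwarded by 192.168.1.102); where does
    # the reply go?
    print("without static route:", lookup("10.0.0.2", BASE_ROUTES))
    fixed = with_static_route(BASE_ROUTES, "10.0.0.0/24", "192.168.1.102")
    print("with static route:   ", lookup("10.0.0.2", fixed))
```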
