Messages - surfrock66

16
23.7 Legacy Series / Re: Firewall not accessible after changing LAN VLAN
« on: March 10, 2024, 05:11:14 am »
One additional bit of information: if I get into the shell and do a ping with "-S" specifying the IP of the WAN interface, I am able to successfully ping 8.8.8.8.  I think I just have some sort of routing configuration problem that I do not understand how to fix from the console.
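The two posts in this thread describe pinging 8.8.8.8 from the console with and without `-S`. One thing worth checking alongside that is what the routing table itself says about the destination: the egress interface, the gateway, and the local address the kernel would normally pick as source (the address of the egress interface, which is exactly what `-S` overrides). The script below is an added example, not code from the forum post or from OPNsense: it parses the text form of FreeBSD's `netstat -rn -f inet` and resolves destinations by longest-prefix match. The routing table and interface addresses in it are constructed for illustration and are not the poster's real configuration.

```python
"""Resolve destinations against a FreeBSD routing table, offline.

Added example, not code from the forum post. Parses `netstat -rn -f inet`
output and reports, for a destination, the interface and gateway the kernel
will use and the source address it normally picks (the egress interface's
address, i.e. what `ping -S` overrides).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of `netstat -rn -f inet` output on FreeBSD.
# Interface names and addresses are assumptions for illustration only.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            198.51.100.1       UGS        igb0
10.99.1.0/24       link#5             U          lagg0_vlan99
10.99.1.40         link#5             UHS        lo0
127.0.0.1          link#3             UH         lo0
198.51.100.0/24    link#1             U          igb0
198.51.100.23      link#1             UHS        lo0
"""

# Assumed interface addresses (what `ifconfig` would show for each interface).
IFACE_ADDRS = {"igb0": "198.51.100.23", "lagg0_vlan99": "10.99.1.40"}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None when directly connected (link#N)
    flags: str
    netif: str


def parse_netstat(text: str) -> list[Route]:
    """Parse the IPv4 section of `netstat -rn`; columns are whitespace-separated."""
    routes: list[Route] = []
    in_inet = False
    for line in text.splitlines():
        if line.startswith("Internet:"):
            in_inet = True
            continue
        if line.startswith("Internet6:"):
            break
        if not in_inet or not line.strip() or line.startswith("Destination"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gw, flags, netif = fields[:4]
        prefix = (ipaddress.ip_network("0.0.0.0/0") if dest == "default"
                  else ipaddress.ip_network(dest, strict=False))
        gateway = None if gw.startswith("link#") else ipaddress.ip_address(gw)
        routes.append(Route(prefix, gateway, flags, netif))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, as the kernel does; None means 'no route to host'."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def default_source(routes: list[Route], dst: str, iface_addrs: dict[str, str]) -> Optional[str]:
    """Address the kernel normally uses as source: the egress interface's address."""
    route = lookup(routes, dst)
    return iface_addrs.get(route.netif) if route else None


def explain(routes: list[Route], dst: str, iface_addrs: dict[str, str]) -> str:
    """One-line summary of how a destination would be reached."""
    route = lookup(routes, dst)
    if route is None:
        return f"{dst}: no route"
    via = f"via {route.gateway}" if route.gateway else "directly connected"
    src = default_source(routes, dst, iface_addrs) or "(interface has no address)"
    return f"{dst}: {route.prefix} {via} on {route.netif}, default source {src}"


if __name__ == "__main__":
    table = parse_netstat(SAMPLE_NETSTAT)
    for target in ("8.8.8.8", "10.99.1.5"):
        print(explain(table, target, IFACE_ADDRS))
```

Paste the real `netstat -rn -f inet` output from the console into `SAMPLE_NETSTAT` and the real `ifconfig` addresses into `IFACE_ADDRS` to use it on a box. If the table already sends 8.8.8.8 out the WAN interface with the WAN address as default source, then `ping -S <WAN IP>` changes nothing; a difference between the two pings is a prompt to compare this output against what the table on the firewall actually contains.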

17
23.7 Legacy Series / Firewall not accessible after changing LAN VLAN
« on: March 10, 2024, 05:00:00 am »
I apologize in advance for my limited information because I cannot get to the web interface at this point and I'm not as familiar with the console, but I can provide any information requested if you show me how to provide it.

I recently got a new layer 3 switch so that I could enable some 10 gig fiber for my storage network.  Doing so, I wanted to move most of my networking off of VLAN 1 and onto a new VLAN, VLAN 99.  Before I did this move, I created a new VLAN interface on the OPNsense firewall.  I added the new 99 VLAN to all the required trunks on all my other switches, changed the IP addresses on all of my other devices on that VLAN, and even added a new management interface on OPNsense which was reachable on the 99 VLAN at 10.99.1.40.

I thought I was ready to cut over and I did, replacing the old layer 3 switch with the new one.  For the most part everything went well, and everything on the LAN appears to work as expected.  That being said, my firewall is now completely unreachable.  I fired up the console and reconfigured the interfaces and IPs, but it appears to be unreachable on the LAN or the WAN.  My LAN interface is an LACP lagg which should be configured on the L3 switch as well, and the ports show as up on the switch, but I cannot ping it even from the L3 switch where a gateway is configured on the 99 VLAN.  The WAN is a single connection to my Comcast business gateway, and I believe it is properly configured as I am getting a DHCP address on it.  From the shell, I cannot ping 8.8.8.8.  As far as I can see, both the LAN and WAN interfaces are not communicating out and I am kind of stumped.  Here is as much information as I have right now, but I can provide more information as requested.

18
General Discussion / Re: Questions about my setup, role of VLANS, using mdns-repeater for Chromecasts?
« on: May 20, 2022, 05:42:50 am »
I figured this out; I didn't have any firewall rules on any of the other interfaces.  For some reason I thought the allow all rule on the LAN interface (to let clients talk out to the internet) would cover all interfaces; I simply added a rule on the other interfaces, and the Chromecasts woke right up.

IGMP snooping across the 2 VLANs I wanted on the L3 switch, mDNS repeater on the 2 VLAN interfaces on OPNsense, good to go.
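The fix in the post above (rules on every interface, not only LAN) comes down to how pf, as OPNsense drives it, evaluates rules per interface. The following is an added Python model, not OPNsense code and not anything the poster ran: rules are bound to the interface the traffic enters on, GUI rules are "quick" so the first match wins, and anything unmatched on an interface is dropped by the implicit default deny. It goes a bit beyond the post by giving the VLAN interfaces narrower rules (mDNS towards the repeater and client-to-Chromecast traffic) instead of allow-all, in the direction of the tighter inter-VLAN control the original question asks about. The interface names, subnets, the Chromecast address and the Cast port 8009 are assumptions for illustration.

```python
"""Why a LAN 'allow all' rule does not cover other interfaces.

Added example (not from the forum post and not OPNsense code): a small model
of interface-bound, first-match ('quick') rule evaluation with an implicit
default deny, which is how OPNsense-generated pf rules behave.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    in_if: str                  # interface the packet arrives on
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    in_if: str                  # a rule only ever sees traffic entering this interface
    src_net: str                # CIDR, or "any"
    dst_net: str                # CIDR, or "any"
    proto: str = "any"
    dport: Optional[int] = None
    label: str = ""


def _net_matches(net: str, addr: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.in_if == pkt.in_if
            and _net_matches(rule.src_net, pkt.src)
            and _net_matches(rule.dst_net, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, str]:
    """Return (verdict, reason). First matching rule wins; no match means block."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.label or f"rule on {rule.in_if}"
    return "block", f"default deny (no rule on {pkt.in_if} matched)"


# Assumed interface names and /16 subnets, modelled on the thread's description.
LAN, VLAN4, VLAN5 = "lagg0_vlan1", "lagg0_vlan4", "lagg0_vlan5"
NETS = {LAN: "10.1.0.0/16", VLAN4: "10.4.0.0/16", VLAN5: "10.5.0.0/16"}
MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353   # mDNS multicast group and port

# Before: the only rule lives on LAN, as the poster had it.
BEFORE = [Rule("pass", LAN, NETS[LAN], "any", label="LAN allow all")]

# After: each VLAN interface gets its own rules. These are deliberately narrow:
# mDNS to the repeater listening on the interface, and VLAN4 clients to VLAN5.
AFTER = BEFORE + [
    Rule("pass", VLAN4, NETS[VLAN4], MDNS_GROUP, "udp", MDNS_PORT, "VLAN4 mDNS to repeater"),
    Rule("pass", VLAN4, NETS[VLAN4], NETS[VLAN5], label="VLAN4 -> VLAN5 (Chromecasts)"),
    Rule("pass", VLAN5, NETS[VLAN5], MDNS_GROUP, "udp", MDNS_PORT, "VLAN5 mDNS to repeater"),
]

# Constructed traffic: a phone on VLAN4 doing mDNS discovery, then casting
# (Cast port 8009 is an assumption for the example), a Chromecast on VLAN5
# answering mDNS, and a host on a VLAN with no rules at all.
MDNS_QUERY = Packet(VLAN4, "10.4.0.50", MDNS_GROUP, "udp", MDNS_PORT)
CAST = Packet(VLAN4, "10.4.0.50", "10.5.0.20", "tcp", 8009)
MDNS_REPLY = Packet(VLAN5, "10.5.0.20", MDNS_GROUP, "udp", MDNS_PORT)
UNTOUCHED = Packet("lagg0_vlan3", "10.3.0.9", "8.8.8.8", "udp", 53)

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for pkt in (MDNS_QUERY, CAST, MDNS_REPLY, UNTOUCHED):
            verdict, reason = evaluate(rules, pkt)
            print(f"{name:6} {pkt.in_if:12} {pkt.src} -> {pkt.dst}: {verdict} ({reason})")
```

The LAN rule never even sees the VLAN4 packets, which is the point: in pf a rule is evaluated only against traffic on the interface it is bound to, so an allow-all on LAN says nothing about traffic entering on the other VLAN interfaces. Reply traffic for the passed flows is handled by pf's state table and needs no separate rule here.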

19
General Discussion / Questions about my setup, role of VLANS, using mdns-repeater for Chromecasts?
« on: May 19, 2022, 11:21:35 pm »
Hi, I'm a brand new OPNsense user.  Over the last 6 months I've been converting my residential flat network to one more in line with a learning lab, using managed switches and VLANs.  It's more complex than it needs to be, but the driver was teaching myself about more complex networking.

I have an older L3 switch which is the router on my network for my 5 VLANs.  It's a Netgear GSM7312.  It has an interface on each VLAN; the VLANs are /16 (which is bigger than needed, but is the result of a legacy configuration I'm not ready to re-architect).  When deciding on my architecture, I considered moving routing functionality to OPNsense; as a result, the connection to OPNsense is trunked and is carrying all 5 VLANs, though the LAN port on OPNsense is tied to "lagg0_vlan1".  In OPNsense I defined a gateway for each of my VLANs pointing to the interface on each VLAN on the L3 switch, then I defined an interface on each of the other 4 VLAN interfaces with roughly the same IP (10._.1.40).  While I didn't specify the gateway in the VLAN interface configuration (since it's LAN I set it to none), the interface overview shows each interface has the right gateway.

As I understand it, I should be able to access the opnsense firewall from any of those interfaces, right?  As long as I have the web interface listening on them all (it's listening on the 5 LAN interfaces, not the WAN), I thought I should be able to get to it at "10.1.1.40" or "10.4.1.40".  As it is, I can only get to it from 10.1.1.40; the others are unreachable/unpingable.

I ask this because I am hoping OPNsense can solve the one thing on my network not working... Chromecasts.  Most user devices are on VLAN 4, but things like Chromecasts are on VLAN 5.  I want to tightly control the traffic between the VLANs as part of my learning journey, and my research says I can do that eventually, but for now at a minimum I need to use a plugin like "mdns-repeater" to allow mDNS between VLANs.  Since the firewall isn't doing the routing, my understanding is I need an interface on each VLAN/subnet, then configure the plugin to watch on those interfaces.

For as wonky as the setup is right now, does this make sense?  Should the VLAN interfaces be reachable, is there something fundamental I'm missing?


OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved