Topic: OPNsense between LAN and a bridged Modem (Read 3678 times)
salvador fx (Newbie, Posts: 6, Karma: 0)
on: July 24, 2020, 10:05:27 pm
1- My OPNsense is already working between the (bridge mode) modem and my LAN. Is there a manual for this, just to confirm that I did it well? I didn't find any manual.
2- I use a lot of RDP connections with NAT port redirects, like 9998 -> 3389, for example.
Is there some manual or recommendation for this kind of connection, secure but without losing connection performance?
3- I have some independent servers in my LAN and each one is its own AD/DNS. The gateway on the servers points to OPNsense, and DNS too. I'm not sure if I did it well: in the server properties, I deleted the Root Hints, cleared the cache and forwarded DNS to OPNsense (Unbound DNS). But I don't know whether OPNsense will be able to handle it. Or should I set up one server to do the DNS service? This is not about the OPNsense hardware, but about a good/best recommendation.
Are there some good practices for OPNsense DNS? Unbound/Dnsmasq, or using both?
4- In the firewall, lots of WAN IN entries appear:
source 10.211.0.1:67 destination 255.255.255.255:68 udp protocol label: Block private networks from WAN
If 10.211.0.1 is an internal IP, why does it appear as blocked on WAN? Strange!??
I read somewhere that it is the ISP DHCP relay agent. Could something be badly configured on my side or on the ISP side? Or is it normal? It appears in the firewall about 7 or 8 times per minute.
Could you please shed some light on this for a new member who is new to OPNsense?
Last Edit: July 30, 2020, 12:53:38 am by salvador fx
Vilhonator (Full Member, Posts: 245, Karma: 13)
Re: OPNsense between LAN and a bridged Modem
Reply #1 on: August 12, 2020, 11:08:40 am
Allow bridged interfaces LAN to your non-bridged interfaces LAN.
If all works just fine, you don't have to worry.
Bridged interfaces are connected to the LAN port, so their WAN IP is always a LAN IP. I think creating a route for that as well can actually give you 2 public IPs, but they aren't static and it's a fucking pain in the ass to set up if your ISP isn't willing to reveal the public IPs reserved for you.
Anyway, because you only have 1 public IP and OPNsense "knows" the IP blocks reserved for private networks, the factory safety rule on Firewall -> Rules -> WAN blocks connections from unknown private networks.
If you want to keep both LANs separate from each other, then you need to add a pass rule from "bridged interface address" to "WAN net" firewall rule. Theoretically that should allow the bridged interface to access the WAN network, but not the LAN.
Not sure though, so if you're going to take my advice, first back up everything and make sure you have installation media available, in case you have to re-install the OS.
I highly recommend calling your ISP customer support first and describing your problem to them.
Yea, thought so. There is a guide on how to set up a LAN bridge (https://docs.opnsense.org/manual/how-tos/lan_bridge.html?highlight=bridge) <--- follow those instructions first, and see if that's any help.
Last Edit: August 12, 2020, 11:35:01 am by Vilhonator
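For the blocked WAN entries from question 4 in this thread, a small triage script, added here as an example (it is not part of either post and is not OPNsense code). It separates DHCP server broadcasts (UDP 67 -> 255.255.255.255:68) sent from an RFC 1918 source from other blocked lines and counts them per minute. The leading timestamp, the sample lines and the function names are assumptions constructed for illustration; only the first sample's source, destination and label come from the thread.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges; 10.211.0.1 from the thread falls inside 10.0.0.0/8.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed layout: "<HH:MM:SS> source ip:port destination ip:port proto protocol label: text"
LINE_RE = re.compile(
    r"^(?P<minute>\d\d:\d\d):\d\d\s+source\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"destination\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s+protocol\s+"
    r"label:\s*(?P<label>.+)$")

def classify(line):
    """Return a dict describing one blocked-traffic line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src = ipaddress.ip_address(m["src"])
    private = any(src in net for net in RFC1918)
    # DHCP server/relay reply: UDP from port 67 to the broadcast address, port 68.
    dhcp_reply = (m["proto"].lower() == "udp" and m["sport"] == "67"
                  and m["dport"] == "68" and m["dst"] == "255.255.255.255")
    if private and dhcp_reply:
        kind = "dhcp-server-broadcast-from-private-source"
    elif private:
        kind = "other-private-source"
    else:
        kind = "public-source"
    return {"minute": m["minute"], "src": str(src), "kind": kind, "label": m["label"]}

def summarize(lines):
    """Count parsed lines per (minute, source, kind) to show the repeat rate."""
    counts = Counter()
    for rec in filter(None, map(classify, lines)):
        counts[(rec["minute"], rec["src"], rec["kind"])] += 1
    return counts

# Constructed sample lines (timestamps and the last two entries are invented).
SAMPLE = [
    "22:01:05 source 10.211.0.1:67 destination 255.255.255.255:68 udp protocol label: Block private networks from WAN",
    "22:01:13 source 10.211.0.1:67 destination 255.255.255.255:68 udp protocol label: Block private networks from WAN",
    "22:01:21 source 10.211.0.1:67 destination 255.255.255.255:68 udp protocol label: Block private networks from WAN",
    "22:01:40 source 192.168.100.1:5353 destination 224.0.0.251:5353 udp protocol label: Block private networks from WAN",
    "22:02:10 source 203.0.113.7:44321 destination 198.51.100.20:9998 tcp protocol label: Default deny rule",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```
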