OPNsense Forum » English Forums » General Discussion » Network question
Topic: Network question (Read 2305 times)
bmail (Newbie, Posts: 37, Karma: 1)
Network question « on: January 10, 2020, 07:58:36 pm »
Hello,
Not directly related to OPNsense, but a strange behaviour on my network.
Perhaps someone could help me to understand what's the issue:
I use OPNsense with 3 interfaces (LAN, WAN, and WLAN). WLAN is a wired interface connected to the WAN port of an Asus wifi router.
The wifi router is configured as a router (not AP) for wifi devices (Android phones for example), with DHCP.
So: WLAN (opnsense): 10.1.2.100
WAN of wifi router: 10.1.2.99 with default gateway 10.1.2.100
LAN of wifi router: 10.1.55.100/24
WIFI devices with DHCP: 10.1.55.6x/24
Wifi devices have access to the internet via OPNsense, but sometimes I see weird logs on OPNsense:
Action: block
interface: WLAN
Source: 10.1.55.6x
Destination: very often a google ip (216.58.2018.100 for example)
For the WLAN interface, I have some rules such as:
Accept WLAN net * Ce Pare-feu 53 (DNS) * *
Accept WLAN net * * 443 (HTTPS) * *
and so on....
And the last:
Block * * * * * *
I can't understand why WLAN receives and (naturally) blocks packets from wifi devices (10.1.55.6x). WLAN should not see them.
If somebody can explain this fact to me ....
Thanks a lot in advance.
siga75 (Full Member, Posts: 185, Karma: 11)
Re: Network question « Reply #1 on: January 11, 2020, 09:33:57 am »
Why do you say WLAN should not see those packets?
In any case, packets are often blocked because they are not SYN flagged; it could be an old connection for which PF already expired the status.
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
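
A way to check the explanation in Reply #1 against the firewall log, as an added example that is not part of the original thread: it flags blocked TCP entries whose source lies outside the WLAN net used by the pass rules, and entries that are not an initial SYN (so they can only pass through an existing state). The log fields, the device address 10.1.55.61 and the destination 203.0.113.10 are constructed for illustration and are not a real OPNsense log format.

```python
import ipaddress

# WLAN net as given in the thread (OPNsense WLAN is 10.1.2.100/24).
WLAN_NET = ipaddress.ip_network("10.1.2.0/24")

# Constructed sample entries with simplified fields (assumption, not real log output).
# "flags" uses tcpdump/pf letters: S=SYN, A=ACK, F=FIN, R=RST.
SAMPLE_LOG = [
    {"action": "block", "iface": "WLAN", "src": "10.1.55.61", "dst": "203.0.113.10", "dport": 443, "flags": "FA"},
    {"action": "block", "iface": "WLAN", "src": "10.1.2.99", "dst": "203.0.113.10", "dport": 443, "flags": "A"},
    {"action": "pass", "iface": "WLAN", "src": "10.1.2.99", "dst": "203.0.113.10", "dport": 443, "flags": "S"},
    {"action": "block", "iface": "WLAN", "src": "10.1.55.61", "dst": "203.0.113.10", "dport": 443, "flags": "S"},
]


def classify(entry, iface_net=WLAN_NET):
    """Return the reasons a blocked TCP packet would fall through to the final block rule."""
    reasons = []
    # Pass rules with source "WLAN net" never match a source outside that network,
    # e.g. a client address that reached the firewall without being translated.
    if ipaddress.ip_address(entry["src"]) not in iface_net:
        reasons.append("src-outside-interface-net")
    # Only an initial SYN (SYN set, ACK clear) can create a new state; any other
    # segment needs an existing state and is dropped once that state has expired.
    flags = set(entry["flags"])
    if not ("S" in flags and "A" not in flags):
        reasons.append("not-initial-syn")
    return reasons


def triage(log, iface="WLAN"):
    """Classify every blocked entry seen on the given interface."""
    return [
        (e["src"], e["flags"], classify(e))
        for e in log
        if e["action"] == "block" and e["iface"] == iface
    ]


if __name__ == "__main__":
    for src, flags, reasons in triage(SAMPLE_LOG):
        print(f"{src:<12} flags={flags:<3} {', '.join(reasons)}")
```

Entries that show only `not-initial-syn` match the expired-state explanation; entries that also show `src-outside-interface-net` would be blocked by the posted rule set even as a fresh SYN.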
bmail (Newbie, Posts: 37, Karma: 1)
Re: Network question « Reply #2 on: January 11, 2020, 10:09:52 am »
Hello,
Thanks for your answer.
I thought it was strange because the wifi router IS a router, with NAT.
My OPNsense rules allow traffic from WLAN net (10.1.2.100/24), so in fact, one IP address: the one of the wifi router (10.1.2.99). It works perfectly like this.
But I thought that the WLAN interface of OPNsense couldn't see devices behind the wifi router as it's not the same network (10.1.55.0/24).
Perhaps I should configure the router as AP? It could be simpler than doing another NAT?
siga75 (Full Member, Posts: 185, Karma: 11)
Re: Network question « Reply #3 on: January 11, 2020, 10:34:19 am »
Oh, OK, I got it now.
Well, I don't see any reason to use NAT, but you can still use it as a router if you want for whatever reason a different network to be routed (it depends on what your router config allows; you have no limits if you configure OpenWrt on it).
If you use it as AP then DHCP will be served by OPNsense.
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
bmail (Newbie, Posts: 37, Karma: 1)
Re: Network question « Reply #4 on: January 11, 2020, 11:20:59 am »
Yes, I think I'm going to transform the wifi router into an AP. I don't really need to do NAT for wifi devices.
But, definitely, I don't understand why (sometimes) I see wifi devices' IPs on the WLAN interface on OPNsense, while these devices are behind a router which must perform NAT!
The wifi router is an ASUS with Merlin firmware.
And this behaviour is not permanent, hopefully! And always towards Google IPs. Strange, no?
Anyway, thanks for your advice.