Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
What is the best way to assign a parent interface?
« previous
next »
Print
Pages: [
1
]
Author
Topic: What is the best way to assign a parent interface? (Read 1193 times)
jorglodita
Newbie
Posts: 12
Karma: 0
What is the best way to assign a parent interface?
«
on:
March 27, 2022, 12:19:36 pm »
Hi! Have been using OPNsense for years with no problems, but on 22.1 a "big change" was introduced and now I don´t know the best way to configure the firewall.
My setup so far:
3 NIC for OPNsense:
- WAN assigned and enabled on the install. I use an ISP VLAN over it so its unnasigned when I configure it.
- LAN assigned and enabled on the install. I never touch this one, its just my "emergency interface".
- "OPT" not assigned and not enabled on the install on purpose. All my VLAN go here (always unnasigned)
On 22.1 a big change appeared, all parent interfaces must be assigned and enabled (if they have VLAN on them). So I need to change my prior plan in order to continue using OPNsense.
1.- The WAN interface. By default it creates some firewall rules and I THINK (please tell me if I am wrong) this interface has some configuration rules too (different from LAN interface from example).
If I add the ISP VLAN over it it becomes unnasigned. I can create a "fake wan" interface no problem and all will work. That "fake wan" interface is assigned and enabled, but don´t give it an ip or anything else. The problem here is that I am speaking of a WAN interface that I created myself. With no special firewall rules as a "normal one", or no special configuration. I just create the "fake wan" to have a parent interface and all works but...I am creating a security hole doing this?
Another approach would be leaving the parent WAN interface untouched and just create a VLAN on it so I can have the ISP connection over it. I like this idea very much. The problem here? The default WAN interface has its "special" configuration and firewall rules, the one I create not. Is there a guide to create this VLAN with some security?
As you can see my only concern here is creating a security breach messing with the WAN interface.
2.- The "OPT" interface. this question is similar to the prior one. I create a "fake opt" interface too so all the VLAN over it have a enabled and assigned parent interface. Thsi interface don´t have firewall rules (everything blocked by default), not IP, it just a "fake opt". That is what I think but I have "dangerous" VLAN over it (DMZ and such). Do I need any special configuration for this interface?
3.- My plan on the next weeks is using Suricata and/or Zenarmor. I know I must select the parent interfaces for them to work. My "OPT" interface is a "fake one" too, just asigned and enabled so the VLAN over it work, but it has no IP or not configuration at all (not even firewall rules to allow connection). This configuration its valid for Suricata/Zenarmor or they need a full working, full internet, full setup parent interface?
Thanks a lot in advance!
Thanks a lot in advance!
Logged
Patrick M. Hausen
Hero Member
Posts: 6801
Karma: 571
Re: What is the best way to assign a parent interface?
«
Reply #1 on:
March 27, 2022, 01:56:40 pm »
Your post reads a little bit confusing. What is your current configuration of the WAN interface? Is it assigned to e.g. VLAN x on interface igb0 (or em0, ix0, ...)? Or do you run PPPoE over that VLAN?
What do you mean with "all my VLAN go there" (OPT), "always unassigned" - you do not assign your VLANs to anything? In that case you cannot assign IP addresses, so what are you doing with them?
Can you just show your current configuration?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Vesalius
Jr. Member
Posts: 76
Karma: 10
Re: What is the best way to assign a parent interface?
«
Reply #2 on:
March 27, 2022, 02:54:18 pm »
To get a handle on how easy the new requirement is, watch at least the first 45secs of the youtube below. You likely need to do that for Wan and your vlan parent interfaces. Otherwise, more info is needed for some of the other specifics of your questions as already brought up.
https://youtu.be/69cNH9UX_es
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
What is the best way to assign a parent interface?