OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Difference in WAN vs LAN vs OPT (specifically regarding webgui access)
« previous next »
  • Print
Pages: [1]

Author Topic: Difference in WAN vs LAN vs OPT (specifically regarding webgui access)  (Read 1627 times)

coatmaker618

  • Newbie
  • *
  • Posts: 11
  • Karma: 0
    • View Profile
Difference in WAN vs LAN vs OPT (specifically regarding webgui access)
« on: July 20, 2022, 05:57:04 pm »
I'm running into a weird issues that are making me question some underlying assumptions about OPNSense...and I'm not quite sure where the issue is since there's two routers....but they're both OPNSense so here it goes:

The network was designed to allow internet access to a specific part of the network but limit the visibility of that part of the network.  I also wanted to keep the primary router as simple as possible so that a bad config doesn't take internet down.  Anyway, this image is an overview of the network (simplified but should have everything needed), I've got a main router that has VLANs for my LAN & my Server.  The Server has a 2nd router on a VM that has an internal network connecting to other VMs that actually have the webfacing services.  So far this seems pretty straightforward--but this is where things get confusing!

On a fresh install of OPNSense on Router #2 the default assignment is LAN to Database & WAN to Router #1 & OPT #1 to WebServices.   This seems fine to me, since I think the default gateway is the WAN so OPNSense will look for the internet on the WAN.  So far so good, except for getting to the web interface to config (I'm trying to get there from my LAN).  This problem held even after disabling the firewall via console
Code: [Select]
pfctl -d

Further weirdness when I tried to ping the WAN on the router #2:  Router #1 could ping it fine from OPT1 interface just fine but not from router #1 LAN interface, but router #1 LAN can ping other devices on router #1 OPT1 just fine (and is allowed to ping all from it's own firewall rules)

I should also mention that router #2 WAN is getting dhcp (static assignment) from router #1 just fine, so it does not seem to be firewall issues.

Furthermore, if I swap interfaces so router #2 LAN is facing the primary router, then I can access router #2 webgui just fine, and ping it from everywhere!

All of this has me wondering about an assumption I've been making:  Are all ports (LAN/WAN/OPT) from the perspective of OPNSense the same.  I mean, sure there are default differences (the lockout rule on LAN & default gateway to WAN, plus the default block all on WAN and allow all on LAN) but if those were changed, would there l be any OTHER differences that are not apparent?

I suppose a follow-up issue here is how to assign the interfaces on the 2nd router, if there's a better approach to that.

« Last Edit: July 20, 2022, 06:00:28 pm by coatmaker618 »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Difference in WAN vs LAN vs OPT (specifically regarding webgui access)
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2