Author Topic: Firewall Group for LAN (Read 1458 times)

9axqe · « **on:** July 31, 2023, 04:09:49 pm »

I am trying to set up a firewall group for my LAN. Both interfaces work, plugging a device provides DHCP in the appropriate range of IP of the LAN subnet (I picked two different IP ranges for each interface)

LAN1 has IP 192.168.1.1
LAN2 has IP 192.168.1.2

problem: when plugged into LAN2, I cannot access the web interface under 192.168.1.1 somehow. I can't even ping it.

Both interfaces are in a group, hence they share firewall rules.

Any idea what I could have forgotten? I also am not sure where it's defined which IP the web GUI is reachable under.

CJ · « **Reply #1 on:** July 31, 2023, 04:19:34 pm »

What are you attempting to do? Is there a reason to use two separate interfaces instead of LAGG, Bridge, or a separate switch?

How did you set up the firewall group and rules?

Patrick M. Hausen · « **Reply #2 on:** July 31, 2023, 04:23:37 pm »

You cannot have one interface with 192.168.1.1/24 and another with 192.168.1.2/24. You need to create a LAN bridge.

https://docs.opnsense.org/manual/how-tos/lan_bridge.html

CJ · « **Reply #3 on:** July 31, 2023, 04:32:27 pm »

Quote from: Patrick M. Hausen on July 31, 2023, 04:23:37 pm

You cannot have one interface with 192.168.1.1/24 and another with 192.168.1.2/24. You need to create a LAN bridge.

https://docs.opnsense.org/manual/how-tos/lan_bridge.html

I was assuming they meant 192.168.1.1 and 192.168.2.1 but was waiting for confirmation and more info.

9axqe · « **Reply #4 on:** July 31, 2023, 07:43:04 pm »

Quote from: CJ on July 31, 2023, 04:19:34 pm

What are you attempting to do? Is there a reason to use two separate interfaces instead of LAGG, Bridge, or a separate switch?

How did you set up the firewall group and rules?

I have the OPNsense router and next to it there is:
powerline adapter (single ethernet box)
Home Automation bridge (must stay here, otherwise some smart home devices loose the DECT ULE connection)

I could of course buy a small switch, but why should I, there are 4 ports on the DEC695.

9axqe · « **Reply #5 on:** July 31, 2023, 07:43:52 pm »

Quote from: Patrick M. Hausen on July 31, 2023, 04:23:37 pm

You cannot have one interface with 192.168.1.1/24 and another with 192.168.1.2/24. You need to create a LAN bridge.

https://docs.opnsense.org/manual/how-tos/lan_bridge.html

Ah, that was the issue. Ok, I'll attempt to create a bridge then.

thank you!

9axqe · « **Reply #6 on:** August 01, 2023, 09:34:03 am »

LAN bridge seems to work, last question, about firewall rules:

I assume they should all be applied to the bridge interface right, not the physical interfaces? (assuming I have the same firewall requirements for all interface member of the LAN bridge)

Patrick M. Hausen · « **Reply #7 on:** August 01, 2023, 09:42:44 am »

Yes, assign "LAN" to the bridge interface and the firewall rules to "LAN". Make sure to set the two tunables from the documentation.

9axqe · « **Reply #8 on:** August 22, 2023, 08:08:54 am »

I never replied, but this worked, thanks!

Author Topic: Firewall Group for LAN (Read 1458 times)

9axqe

Firewall Group for LAN

CJ

Re: Firewall Group for LAN

Patrick M. Hausen

Re: Firewall Group for LAN

CJ

Re: Firewall Group for LAN

9axqe

Re: Firewall Group for LAN

9axqe

Re: Firewall Group for LAN

9axqe

Re: Firewall Group for LAN

Patrick M. Hausen

Re: Firewall Group for LAN

9axqe

Re: Firewall Group for LAN