Two subnets, same port, how to access each other?

Started by pickone, May 28, 2024, 10:12:51 AM

May 28, 2024, 10:12:51 AM Last Edit: May 28, 2024, 07:09:38 PM by pickone
Hi!

I have this network 192.168.0.0/24.
All the devices are connected to a switch, and the switch is connected to LAN1 of my OPNsense.
Now, here is my problem: I have a device which is connected to the same switch, but the IP is 192.168.4.1 (it cannot be changed; if I change it, it comes back after a restart. That doesn't matter, this is not the issue I have).
In my old TP-Link router, I had a static route like this (see screenshot) and everything was OK; I could access that device (192.168.1.4) from my network (192.168.0.0/24).

Can someone please tell me how I can achieve the same result on my OPNsense? But please, step by step; I'm very, very new to OPNsense and I'm trying to understand more and more, but slowly :-D

Thank you in advance.

My only solution until now was to change the subnet mask to 192.168.0.0/23, in order to cover the 192.168.1.0-254 IPs. If someone has another idea, please share. Thanks!

PS: are there any disadvantages to using a network of ~500 possible addresses instead of ~255?

If that IP is on the same switch in the same VLAN, you can just give your OPNsense a Virtual IP in the same 192.168.4.0/24 network on the port that connects to the switch (e.g. 192.168.4.2/24). Then make sure your LAN firewall rules allow access to 192.168.4.1, and then you can access it from your 192.168.1.0/24 net.
Hardware:
DEC740

May 28, 2024, 07:37:00 PM #3 Last Edit: May 28, 2024, 07:38:49 PM by pickone
Interesting, can you please tell me step by step what I need to do? I have never worked with Virtual IPs.

Create an IP alias:

https://docs.opnsense.org/manual/firewall_vip.html#ip-alias

Sorry, I can't write a full step-by-step right now. It's just an extra address on the interface.
Hardware:
DEC740

Interfaces > Virtual IPs > Settings

Click on the "+" sign to add one.

Mode: IP alias
Interface: LAN
Network/Address: 192.168.4.something/24 - whatever you want your OPNsense to have in that network

Leave the other fields empty/unchecked, save and apply.

That's it.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

May 28, 2024, 08:08:54 PM #6 Last Edit: May 28, 2024, 08:25:45 PM by pickone
I don't know why, but now, I can access the other IP from the other subnet... And I have changed the subnet mask back to 192.168.0.0/24

All I did in addition was activate 4 settings, but I don't think these have anything to do with it...

The Reflection NAT on my port forwarding for my local server (port 80) and another three in advanced settings of the firewall: "Reflection for port forwards, Reflection for 1:1, Automatic outbound NAT for Reflection".

So... I don't need to change the subnet mask to 192.168.0.0/23 or create virtual IPs. Still, I don't understand how it is working now when it didn't until now...

Edit: After doing some tests of changing the subnet back and forth, I see that on 192.168.0.0/24 I can only ping that IP; in order to access the services, I need to be on 192.168.0.0/23 :-(
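
An added example, not part of any post in this thread: a small Python check of which device addresses the firewall's LAN interface treats as directly connected (on-link) under the three setups discussed (plain /24, widened /23, /24 plus an IP alias). The thread gives both 192.168.4.1 and 192.168.1.4 as the device address, so both are tested; the firewall's own LAN address 192.168.0.1 is an assumption.

```python
import ipaddress

def on_link(dest, iface_addrs):
    """Return the interface address whose network contains dest
    (longest prefix wins), or None if dest is only reachable via a gateway."""
    dest = ipaddress.ip_address(dest)
    candidates = [ipaddress.ip_interface(a) for a in iface_addrs]
    matches = [i for i in candidates if dest in i.network]
    if not matches:
        return None
    return str(max(matches, key=lambda i: i.network.prefixlen))

# Constructed LAN configurations; 192.168.0.1 as the firewall address is assumed.
CONFIGS = {
    "lan /24 only":       ["192.168.0.1/24"],
    "lan widened to /23": ["192.168.0.1/23"],
    "lan /24 + IP alias": ["192.168.0.1/24", "192.168.4.2/24"],
}

# Both device addresses that appear in the thread.
DEVICES = ["192.168.1.4", "192.168.4.1"]

def report():
    """Map (config name, device) -> local address used, or None if not on-link."""
    return {
        (name, dev): on_link(dev, addrs)
        for name, addrs in CONFIGS.items()
        for dev in DEVICES
    }

if __name__ == "__main__":
    for (name, dev), src in report().items():
        status = f"on-link via {src}" if src else "not on-link (follows default route)"
        print(f"{name:20} {dev:12} {status}")
```

A /23 on 192.168.0.0 spans 192.168.0.0 through 192.168.1.255, so it reaches 192.168.1.4 but not 192.168.4.1; the alias in 192.168.4.0/24 is what puts 192.168.4.1 on-link.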