Two subnets, same port, how to access eachother?

[pickone]

Hi!

I have this network 192.168.0.0/24.
All the devices are connected to a switch and the switch it is connected to LAN1 of my opnsense.
Now, here is my problem: I have a device which is connected to the same switch, but the ip is 192.168.4.1 (it cannot be changed, if I change it, after restart will come back. Does not care, this is not the issue I have).
In my old tp-link router, I had a static route like this (see screenshot) and everything was ok, I could access that device (192.168.1.4) from my network (192.168.0.0/24)

Can someone please tell me how can I achieve the same result on my opnsense? But please, step by step, I'm very very new with opnsense and I try to understand more and more, but slow :-D

Thank you in advance.

[pickone]

My only solution till now, was to modify the subnet mask to 192.168.0.0/23, in order to cover 192.168.1.0-254 IPs. If someone have other idea, please share. Thanks!

PS: any disadvantages of using a network of ~500 possible addresses, instead of ~255 ?

[Monviech (Cedrik)]

If that IP is on the same switch in the same vlan you can just give your OPNsense a Virtual IP in the same 192.168.4.0/24 network on the port that connects to the Switch (e.g. 192.168.4.2/24). Then make sure your LAN Firewall rules allow access to 192.168.4.1 and then you can access it from your 192.168.1.0/24 net.

[pickone]

Interesting, can you please tell me step by step, what I need to do? I have never worked with Virtual IPs

[Monviech (Cedrik)]

Create an IP alias:

https://docs.opnsense.org/manual/firewall_vip.html#ip-alias

Sorry I cant make a full step to step right now. Its just an extra address on the interface.

[Patrick M. Hausen]

Interfaces > Virtual IPs > Settings

Click on the "+" sign to add one.

Mode: IP alias
Interface: LAN
Network/Address: 192.168.4.something/24 - whatever you want your OPNsense to have in that network

Leave the other fields empty/unchecked, save and apply.

That's it.

[pickone]

I don't know why, but now, I can access the other IP from the other subnet... And I have changed the subnet mask back to 192.168.0.0/24

All I done more, just activated 4 settings, but I don't think that these have something to do with...

The Reflection NAT on my port forwarding for my local server (port 80) and another three in advanced settings of the firewall: "Reflection for port forwards, Reflection for 1:1, Automatic outbound NAT for Reflection".

So... I don't need to change the subnet mask to 192.168.0.0/23 or create virtual IPs. Still, I don't understand how now it is working and till now, didnt...

Edit: After doing some tests of changing the subnet back and forward, I see that on 192.168.0.0/24 I can only ping that ip, in order to access the services, I need to be on 192.168.0.0/23 :-(