Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Access LAN from WAN and/or certain subnet
« previous
next »
Print
Pages: [
1
]
Author
Topic: Access LAN from WAN and/or certain subnet (Read 89 times)
gabecz
Newbie
Posts: 4
Karma: 0
Access LAN from WAN and/or certain subnet
«
on:
November 08, 2024, 09:14:59 am »
I'd like to access the LANfrom WAN and from WAN only.
I have tried a lot of combinations of NAT and Firewall rules now I'm getting burned out and just babbling around not sure what to do.
Strictly speaking I'd be fine if 1 IP from WAN (my pc) could access LAN network's 3389 and 22 ports.
OPNSense WAN IP is 192.168.160.19 and my pc is 192.168.160.185. The LAN network is 10.250.0.0/23 and the LAN IP is 10.250.0.1/23 the client in the LAN network is 10.250.1.2/23 gw 10.250.0.1 i can access the internet from LAN.
All on VMWare.
Logged
dseven
Sr. Member
Posts: 315
Karma: 33
Re: Access LAN from WAN and/or certain subnet
«
Reply #1 on:
November 08, 2024, 01:03:10 pm »
Reading between the lines a bit, I assume you have an upstream router which provides LAN for your PC, and the WAN interface of OPNsense is connected to that LAN?
If you try to reach 10.250.1.2 from your PC, unless you have a specific route for it, it will be sent to your upstream router (which is your gateway / default route). Your upstream router won't have a specific route for it either, so it too will send it to its default route, which will likely be your ISP. Your ISP will drop it, because it's not an internet routable address. You could add a static route on your PC, for 10.250.0.0/23, pointing to OPNsense at 192.168.160.19 (actually you'd probably want to set OPNsense up with a static IP assignment outside first). Alternatively you could (if you have access) add a static route to your upstream router, but then you get into an asymmetric routing scenario, because return traffic through OPNsense to your PC would not pass through your upstream router. That may or may not be an issue, depending on the upstream router.
In addition to routing, you'll need to disable blocking of private networks and bogons in the WAN interface configuration in OPNsense, and you'll need inbound firewall rules on the WAN interface to allow the traffic destined for your LAN network for those ports (22 and 3389).
Logged
gabecz
Newbie
Posts: 4
Karma: 0
Re: Access LAN from WAN and/or certain subnet
«
Reply #2 on:
November 08, 2024, 09:01:03 pm »
looks like i only had to sleep on it
simple as that the solution is a NAT rule taken the idea of my home internet's router where i set a port forward rule so i can access my server from anywhere using public ip (rather dyndns) and a higher port that i forward to 192.168.0.2:22
in my case it looks like this
so i only can access the internal isolated server 10.250.0.200 port 22 from my physical computer xxx.xxx.160.185 using the opnsense server's wan address xxx.xxx.160.19 and port 20022
hope it helps others
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Access LAN from WAN and/or certain subnet