VLAN can’t connect to Internet

Started by LtCol_Davenport, March 04, 2024, 10:19:49 AM

Quote
I can't think of a reason why you would. I definitely wouldn't.

What you need to consider if you replace an all-in-one consumer router that includes WiFi with a modem and OPNsense is that you might need a WiFi access point. Frequently one can configure the former router as such and then place it in the LAN behind OPNsense.

Thanks.

I already have a full network (for my needs).

I have two Mikrotik APs (configurable and with VLANs)

Two Mikrotik Switches (managed and PoE).

A ProtecLi Firewall running OPNSense.

That's why I wanted to remove my ISP router as it is the only weak link, the one that I cannot fully control, manage and replace.

Hopefully most is now clear(er). To add to what Patrick wrote, you wouldn't add a router to the mix if you have one already. A consumer router normally has two or three parts: 1) router; 2) firewall; 3) optionally a modem.
When you have OPN you have 1) and 2).
The conversation has been whether you can replace 3).
When you put an ISP router in bridge mode, you are disabling 1) and 2) and only using 3)
Looking at your purchased Vigor 167, that'll do. It is a modem/router that can be put in bridge mode. The question was if your current one could also be put in bridge mode and save you buying the Vigor.
Anyway, seems you're on your way :)

Quote from: cookiemonster on March 05, 2024, 10:25:29 PM
Hopefully most is now clear(er). To add to what Patrick wrote, you wouldn't add a router to the mix if you have one already. A consumer router normally has two or three parts: 1) router; 2) firewall; 3) optionally a modem.
When you have OPN you have 1) and 2).
The conversation has been whether you can replace 3).
When you put an ISP router in bridge mode, you are disabling 1) and 2) and only using 3)
Looking at your purchased Vigor 167, that'll do. It is a modem/router that can be put in bridge mode. The question was if your current one could also be put in bridge mode and save you buying the Vigor.
Anyway, seems you're on your way :)
I tried looking online on forums about my ISP and looking into the GUI of the router, but it seems there is no option.

I found that Vigor 167 used on Amazon (which usually are all like new items) for like €70 instead of €120, so I thought it was fine.

If that works, it will give me the peace of mind to be completely separated from my ISP and that if something won't work in the future I know it will definitely be my own fault, but that I also have the ability to assess it, if that makes sense :)

I will just need to probably change the WAN interface on the OPNSense and maybe the NAT rule, since now the WAN has a private address going into the router. When putting in the modem, if I understood it correctly, I will have the public IP directly on the WAN interface of the firewall, so it will change some stuff.

I had the same problem doing that for the first time. What you need to do is go to Firewall->Rules->your VLAN interface; mine is called OPT1.

There you need to make 2 rules, one to have internet access and another one to block access to your LAN (if you want that).

so press the + button and for the 1st rule
*action - block
*interface - your vlan (OPT1)
*source - your vlan net (OPT1 net)
*destination - LAN net
*description - Block lan access
*press save

2nd rule
*action - pass
*interface - your vlan (OPT1)
*source - your vlan net (OPT1 net)
*description - Allow internet
*press save

Now you need to make sure that the block lan access rule is first and the allow internet rule is under it. If not, check the allow internet rule and press the move selected rule to the end button "<-", and after that press apply changes.

It should look like in the attached picture.

I hope this helps.
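
The rule order described in the post above, as an added example that is not part of the original thread: a simplified Python model of first-match (quick) interface rules that evaluates both orderings. The subnets, the client address, the probe addresses and the second internal network are constructed assumptions, since the thread gives no addressing.

```python
import ipaddress

# Constructed addressing; the thread does not state the real subnets.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
OPT1_NET = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# The two rules from the post; "Allow internet" has no destination set,
# which is modelled here as destination "any".
BLOCK_LAN = {"action": "block", "src": OPT1_NET, "dst": LAN_NET, "descr": "Block lan access"}
ALLOW_INTERNET = {"action": "pass", "src": OPT1_NET, "dst": ANY, "descr": "Allow internet"}


def evaluate(rules, src, dst):
    """Return (action, description) of the first rule matching src -> dst.

    Simplified model of quick (first-match) interface rules: rules are checked
    top to bottom, and traffic that matches no rule is dropped.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip in rule["src"] and dst_ip in rule["dst"]:
            return rule["action"], rule["descr"]
    return "block", "default deny"


def audit(rules, client, probes):
    """Map each probe label to the action the ruleset takes for client -> probe."""
    return {label: evaluate(rules, client, dst)[0] for label, dst in probes.items()}


# Constructed probes: a LAN host, a documentation-range public address, and a
# host on a hypothetical second internal network that neither rule names.
PROBES = {"lan_host": "192.168.1.10", "internet": "203.0.113.10", "other_vlan": "192.168.30.5"}
CLIENT = "192.168.20.50"

if __name__ == "__main__":
    orderings = (("block first", [BLOCK_LAN, ALLOW_INTERNET]),
                 ("pass first", [ALLOW_INTERNET, BLOCK_LAN]))
    for name, rules in orderings:
        print(name, audit(rules, CLIENT, PROBES))
```

With the pass rule on top, the block rule is never reached and the LAN host becomes reachable from the VLAN. Even in the correct order, the pass rule's "any" destination still covers other internal networks, so each of those needs its own block rule above it.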