Moved from Virtualized to bare-metal now cannot access interface subnet

Started by kottok.motors@gmail.com, February 22, 2025, 10:01:31 PM

Hello!

I had initially set up OPNSense as a VM on my server. However, this was causing performance issues and heavily delayed responses from the web GUI. Not bad enough that it bothered me, but I eventually opted for a bare-metal solution to have dedicated resources for OPNSense.
I had copied my config over and assigned the correct interfaces. However, now I am facing an issue where I cannot access any of my hosted applications on the server. Since they are internet facing (accepting inbound on 80/443), I had put them on a separate subnet - 192.168.3.0/24 - from my standard LAN subnet - 192.168.1.0/24. This was working before, as the hosted applications all had static IPs. Now there is no connectivity between that subnet and OPNSense. I can access the ESXi GUI with no issues, as that is static-IP'd on my LAN subnet. My server has four NICs, which I have aggregated on a virtual switch and assigned to the hosted applications. Those four NICs all plug into my managed switch. No VLAN setups or anything. I've also got the interface the hosted applications are on connected to the switch.

I'm not sure if this is a configuration issue with OPNSense, or my ESXI setup. I have attached a diagram of what the setup now looks like.

Thank you!

Hi,

Quote from: kottok.motors@gmail.com on February 22, 2025, 10:01:31 PM
No VLAN setups or anything.

You cannot have different subnets sharing a switch, unless they are VLANs. Otherwise you need two switches here: one for 192.168.1.0/24 and one for 192.168.3.0/24.

Quote from: OPNenthu on February 22, 2025, 10:19:56 PM
You cannot have different subnets sharing a switch, unless they are VLANs.

Basically you can do this, and it should work anyhow, but it's not a good idea at all. Such a setup has no security benefit and can lead to problems.
So of course, it's recommended to configure VLANs for segmentation purposes.

February 22, 2025, 11:12:08 PM #3 Last Edit: February 22, 2025, 11:43:40 PM by kottok.motors@gmail.com
I've removed the switch from the equation. I had tried setting up a vlan but that did not work for me.
I have now wired directly from the External interface on my OPNSense machine to a single NIC on the server. I separated that into a new virtual switch and assigned my VMs to it. I connected another NIC to my switch for the management interface, on a separate vSwitch. This should safely separate the networks without VLANs. However, I am still unable to contact any of my hosted applications, and the hosted applications cannot reach the internet. I cannot ping the interface from the VMs either.

Well, I made a rookie mistake. When I assigned the static IP to the interface, I hadn't changed it to /24; it was at /32...
I'm well and functional now.
Thanks for the help!
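The root cause in this thread, a /32 on a LAN-facing interface, is easy to miss because the interface looks "up" and its own address pings fine; it just has no connected route to the rest of the segment, so it never ARPs for the VMs. The script below is an added example, not code from the thread or from OPNsense. It parses the output format of Linux `ip -o -4 addr show` (the sample text is constructed; OPNsense runs FreeBSD and prints addresses via `ifconfig`, so the regex would need adapting there), flags host-only prefixes, reports which expected hosts fall outside the interface's connected network, and works out the narrowest prefix that would cover them. Interface names (igc1, igc2) and host addresses are assumptions for the illustration.

```python
"""Spot a too-narrow interface prefix (e.g. the /32-instead-of-/24 mistake).

Added example, not from the forum thread or the OPNsense project.  Input is
constructed text in the shape of Linux `ip -o -4 addr show`; OPNsense itself is
FreeBSD and uses `ifconfig`, so adapt ADDR_RE if you run it there.
"""
import ipaddress
import re

# Constructed sample: igc1 is a LAN interface with a correct /24, igc2 carries
# the /32 mistake from the thread (interface names and addresses are assumed).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: igc1    inet 192.168.1.1/24 brd 192.168.1.255 scope global igc1\\       valid_lft forever preferred_lft forever
3: igc2    inet 192.168.3.1/32 scope global igc2\\       valid_lft forever preferred_lft forever
"""

# Constructed list of VMs that are supposed to live on the 192.168.3.0/24 segment.
EXPECTED_HOSTS = ["192.168.3.10", "192.168.3.11", "192.168.3.200"]

# "<idx>: <ifname>    inet <addr>/<plen> ..." -- captures ifname and addr/plen.
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def parse_ip_addr(text):
    """Return {ifname: IPv4Interface} from `ip -o -4 addr show` style output."""
    ifaces = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            ifaces[m.group(1)] = ipaddress.ip_interface(m.group(2))
    return ifaces


def check_interface(iface, hosts):
    """Classify hosts as on-link (inside the connected network) or off-link.

    Off-link hosts have no connected route via this interface; the kernel sends
    traffic for them to the default route instead of ARPing on the segment.
    """
    net = iface.network
    on_link = [h for h in hosts if ipaddress.ip_address(h) in net]
    off_link = [h for h in hosts if ipaddress.ip_address(h) not in net]
    return {
        "interface": str(iface),
        # A host-only prefix (/32 for IPv4) means nothing else is on-link.
        "host_only_prefix": net.prefixlen == net.max_prefixlen,
        "on_link": on_link,
        "off_link": off_link,
    }


def smallest_covering_prefix(iface, hosts):
    """Longest prefix length whose network contains the interface and all hosts.

    Walks from the host-only prefix down until every address is inside; the
    result is a lower bound on how wide the prefix must be, not necessarily the
    designed subnet size (a /24 design may come back as /25 if no host uses
    the upper half).
    """
    addrs = [iface.ip] + [ipaddress.ip_address(h) for h in hosts]
    for plen in range(iface.network.max_prefixlen, -1, -1):
        net = ipaddress.ip_interface(f"{iface.ip}/{plen}").network
        if all(a in net for a in addrs):
            return plen
    return 0


if __name__ == "__main__":
    parsed = parse_ip_addr(SAMPLE_IP_ADDR)
    for name, iface in parsed.items():
        if iface.ip.is_loopback:
            continue
        report = check_interface(iface, EXPECTED_HOSTS)
        print(f"{name}: {report['interface']} on-link={report['on_link']} "
              f"off-link={report['off_link']}")
        if report["host_only_prefix"] and report["off_link"]:
            need = smallest_covering_prefix(iface, EXPECTED_HOSTS)
            print(f"  WARNING: host-only prefix; at least /{need} is needed "
                  f"to reach the listed hosts")
```

Run it against real output with `ip -o -4 addr show | python3 check_prefix.py` after swapping the constructed sample for `sys.stdin.read()`; on the thread's setup it would have flagged igc2 immediately, while the ESXi management host on the /24 LAN interface shows up as on-link, which matches why that GUI kept working.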