OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • VLAN Routing - How to get it to work?
« previous next »
  • Print
Pages: [1]

Author Topic: VLAN Routing - How to get it to work?  (Read 4628 times)

Stitch10925

  • Newbie
  • *
  • Posts: 17
  • Karma: 1
    • View Profile
VLAN Routing - How to get it to work?
« on: November 20, 2018, 10:43:51 am »
Hey everyone,

I am running OpnSense as a VM under Proxmox. I am trying to segregate my network between WAN, DMZ and LAN using VLAN's, however, I am having some trouble getting the routing configured correctly.

This is the setup:

I have a modem running to a router, then from the router I connect to a switch on (at the moment) the LAN VLAN. The switch is set up to host 3 VLAN's:
WAN -> 192.168.33.0
DMZ -> 192.168.23.0
LAN -> 192.168.13.0

On Proxmox I have 3 NIC's:
NIC 1 -> LAN -> Bridged -> Bridged IP = 192.168.13.20 (Proxmox UI)
NIC 2 -> DMZ -> Bridged -> No IP
NIC 3 -> WAN -> Bridged -> No IP

Then, in OpnSense I also have 3 virtual NICs configured, one for each VLAN:
NIC 1 -> LAN -> 192.168.13.15
NIC 2 -> DMZ-> 192.168.23.20
NIC 3 -> WAN-> 192.168.33.20

These are also configured as single gateways (with the same IP address), and I have created a static route from the DMZ Gateway to the LAN network. Also I have set an allow rule in the firewall for everything in the DMZ zone.

However, currently pinging google.com from the DMZ works, but I cannot load any internet pages.

Maybe a more visual representation:


(https://drive.google.com/file/d/1q7fub043lXDO-V25HIVskYFBOFcbQ5z-/view)

---

The goal:

What I am trying to accomplish at this point is to have internet connection on the DMZ VLAN. Once that is working I would like to add limitations so that I can access the DMZ machines from the LAN (RDP), but the DMZ machines cannot do the reverse.

Eventually I would like to get rid of the router and connect the modem directly to the WAN side of the switch and from there to the WAN side of OpnSense. OpnSense will then establish the PPPOE connection to the modem. All my internet facing machines will then be put on DMZ and all my own devices on the LAN. Also HAProxy will need to be reconfigured to the new network setup. And of course, allow for my LAN devices to cross over into the DMZ using RDP, but not the opposite direction.

Any advice on how I can, in this step, at least get the internet working on the DMZ side? That would already be a big step forward for me.

Thanks in advance,

Stitch
« Last Edit: November 20, 2018, 02:14:38 pm by Stitch10925 »
Logged

Stitch10925

  • Newbie
  • *
  • Posts: 17
  • Karma: 1
    • View Profile
Re: VLAN Routing - How to get it to work?
« Reply #1 on: November 23, 2018, 10:03:34 am »
No one knows how to work with VLANs in OpnSense?
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 2018
  • Karma: 194
    • View Profile
Re: VLAN Routing - How to get it to work?
« Reply #2 on: November 23, 2018, 10:47:43 am »
If you can ping but not browse, your problem is either DNS or firewall rules.

Bart...
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • VLAN Routing - How to get it to work?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2