Topic: network design help. multiple internal networks and public addresses (Read 1347 times)
jtapio (Newbie, Posts: 1, Karma: 0)
« on: November 13, 2020, 09:24:37 am »
Hello!
I have a project where I am trying to add OPNsense to our current network topology.
Here are some specs:
- 1 internal customer network with DHCP, nothing special, need to protect clients from outside. Need to have public IPs inside (NAT?) (videoconference)
- 5 internal visitor networks with Wi-Fi hotspots with Ubiquiti and a need for public IP addresses for special clients
At this point we had some old Cisco router and there we have a config (very specific) which is divided into two separate "blocks" in routing terminology, so (ge0-inbound),(ge1-outbound) VLAN 100 were dedicated to the internal own network and outbound did have a public IP with NAT.
Visitor network VLANs had (ge2,inbound)(ge3,outbound) and those have their own NATted public IPs also.
Visitor clients may need public IPs, so there are some dedicated NATted internal IPs pointing to public IPs.
Is there any point in doing all that in OPNsense, and if not, how to add a firewall between visitor outbound traffic?
Right now I have removed the cables from ge0,ge1 so the router is bypassed for the internal customer network and OPNsense is serving that. It's installed on a dedicated Gen10 HP server and acting as DHCP server and all is working fine, just thinking of what to do with that visitor side..
*Despite the picture above, router outbound traffic doesn't go through the firewall; it's directly connected to the "pe-ce" network now
« Last Edit: November 13, 2020, 09:27:35 am by jtapio »
Gauss23 (Hero Member, Posts: 766, Karma: 39)
Re: network design help. multiple internal networks and public addresses
« Reply #1 on: November 13, 2020, 09:42:39 am »
First of all: your graphical network plan is perfect to get help here.
Yes, this should be doable with OPNsense. You would add 2 network interfaces to the OPNsense (either by VLAN or physical) and in "Firewall:Rules:Visitor1" you can add the rules to allow traffic from that interface facing the internet. Be sure to set the destination like NOT (by setting destination invert) internal-networks (create an Alias for internal-networks and add all internal-networks).
You add the external IPs to your WAN interface as virtual IPs.
On Firewall:NAT:Outbound you create rules for the WAN: source Visitor1-net will get the .5 IP and Visitor2-net will get the .6 IP.
That should be pretty much it.
« Last Edit: November 13, 2020, 09:44:11 am by Gauss23 »
„The S in IoT stands for Security!“
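As an added illustration (not part of either post and not OPNsense code), this Python model follows the setup described in the reply: a per-visitor pass rule with an inverted `internal-networks` destination, WAN virtual IPs, and per-network outbound NAT. It also shows what happens when the alias is incomplete. All addresses are constructed (the thread gives only the `.5` and `.6` octets), the function names are hypothetical, and listing the visitor networks in the alias is an assumption.

```python
import ipaddress as ip

def nets(*cidrs):
    return [ip.ip_network(c) for c in cidrs]

# Constructed addressing: the thread only gives the last octets .5 and .6.
VISITOR_NETS = {"Visitor1": ip.ip_network("10.0.10.0/24"),
                "Visitor2": ip.ip_network("10.0.20.0/24")}
# Alias "internal-networks" (assumed to list the visitor networks too).
INTERNAL_NETWORKS = nets("10.0.100.0/24", "10.0.10.0/24", "10.0.20.0/24")
WAN_VIRTUAL_IPS = {ip.ip_address("203.0.113.5"), ip.ip_address("203.0.113.6")}
OUTBOUND_NAT = {"Visitor1": ip.ip_address("203.0.113.5"),
                "Visitor2": ip.ip_address("203.0.113.6")}

def evaluate(iface, src, dst, alias=INTERNAL_NETWORKS):
    """Return (action, translated source) for a new connection seen on iface."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # Pass rule on the visitor interface: source <iface>-net,
    # destination NOT internal-networks (destination invert).
    if src not in VISITOR_NETS[iface] or any(dst in n for n in alias):
        return ("block", None)  # no pass rule matched: default deny
    nat_ip = OUTBOUND_NAT[iface]  # Firewall:NAT:Outbound rule on WAN
    if nat_ip not in WAN_VIRTUAL_IPS:
        raise ValueError(f"{nat_ip} is not a virtual IP on WAN")
    return ("pass", nat_ip)

def alias_gaps(alias, all_internal):
    """Internal networks not fully covered by the alias; visitors can reach them."""
    return [n for n in all_internal if not any(n.subnet_of(a) for a in alias)]

if __name__ == "__main__":
    print(evaluate("Visitor1", "10.0.10.20", "198.51.100.7"))
    print(evaluate("Visitor1", "10.0.10.20", "10.0.100.10"))
    incomplete = nets("10.0.100.0/24", "10.0.10.0/24")  # Visitor2 forgotten
    print(evaluate("Visitor1", "10.0.10.20", "10.0.20.5", alias=incomplete))
    print(alias_gaps(incomplete, INTERNAL_NETWORKS))
```

With the visitor networks inside the alias, traffic addressed to the firewall's own visitor-side address is not matched by this pass rule either, so services visitors need from it would require their own rule.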