Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Outbound IP of Firewall itself
« previous
next »
Print
Pages: [
1
]
Author
Topic: Outbound IP of Firewall itself (Read 799 times)
nightcode
Newbie
Posts: 3
Karma: 0
Outbound IP of Firewall itself
«
on:
November 15, 2022, 01:20:47 pm »
Hello together,
I've got a direct fiber connection from my ISP with a public /26 IPv4 subnet.
I want to replace the carrier router with opnsense.
I've got a /31 subnet for routing purposes (e.g. firewall IP is 1.1.1.2 and upstream gateway from my provider is 1.1.1.1) and my main /26 subnet e.g. form 2.2.2.1 to 2.2.2.62.
The problem is that I can use my "Wan-IP" 1.1.1.2 only for routing purposes. For any other traffic I have to use the IP of my larger subnet.
Clients behind the firewall work well from the 2.2.2.0 network but for updates etc. opnsense itself also has to use an IP from this network as outbound address but is always using the WAN IP 1.1.1.2.
How can I force opnsense to use an IP of the 2.2.2.0 network as outbound address?
Thanks a lot in advance
«
Last Edit: November 15, 2022, 01:34:31 pm by nightcode
»
Logged
zan
Full Member
Posts: 175
Karma: 31
Re: Outbound IP of Firewall itself
«
Reply #1 on:
November 15, 2022, 05:00:04 pm »
In Linux we can do ip route by specifying 'src' attribute as a hint for source address selection.
I have no idea how to do that in Freebsd so the other way I can think of is by using NAT, eg : 1.1.1.2 as source address and 2.2.2.x as translation address.
A bit hackish but should get the job done.
Logged
nightcode
Newbie
Posts: 3
Karma: 0
Re: Outbound IP of Firewall itself
«
Reply #2 on:
November 16, 2022, 02:34:22 am »
I don't know if your solution is the right way?
I managed it if I create a virtual IP and set outbound rule from "this firewall" to the designated IP.
But if I do this I have the problem that any other outbound rule is not working anymore.
Any idea how to solve this problem? I think "this firewall" is not the right setting for "source" but what should I use instead?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Outbound IP of Firewall itself