Static Routes Help

Started by hanzs, December 05, 2022, 09:10:03 PM

I am fairly new to OPN and I am totally lost at Static Routing and need a little help.

I have the firewall working with 2 interfaces - WAN/LAN - and the WAN has a public IP.  What I need to do is route 2 networks to a 2nd router behind the OPN.  I've read everything I can find and have tried to set it up a couple of times and cannot pass traffic to the internet so I am here.  Here is the setup:

OPENSENSE (WAN - Public IP)
                   (LAN - 10.10.90.12)--------------------Router2 (UPLINK - 10.10.90.10)
                                                                                      (WLAN - 10.10.10.0/24)
                                                                                      (DMZ - 10.10.20.0/24)

I created a gateway - Static_GW - networks 10.10.10.0/24,10.10.20.0/24 - to 10.10.90.10
I created both routes and gave them the same GW above
I created a firewall entry on LAN - used an alias of Static Routes as destination and any as source.  I have switched those around a couple of times and it still doesn't pass traffic to the internet
I was able to get the 2nd router to ping the OPNsense box and was able to ping the 2nd router from OPNsense but cannot get to the internet.  Any assistance would be greatly appreciated, or point me to steps to accomplish this and I will continue to attempt it.

So what would someone need to see to help me with this?  It is really holding me up and I need to get it done.  I have done it before on other firewalls so I know how it works, but OPNsense is a much more difficult firewall.  I either need to fix it or move to something else.  I would really appreciate it if someone could help me.  Thanks!
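To make the rule-matching side of this concrete, here is an added Python model (not OPNsense code and not from the thread) of how a LAN ruleset and the static routes apply to a packet from a host behind router2 that is heading for the Internet. It assumes the LAN is a /24, uses the alias name Static_Routes as a stand-in for the "Static Routes" alias in the post, and models addresses only (no ports or state); the point it shows is that the "LAN net" macro expands to the directly attached 10.10.90.0/24 only, so a rule built on it never matches traffic sourced from the routed subnets, and that the reply path to those hosts depends on the static-route gateway being on-link.

```python
import ipaddress

# Constructed model of the thread's topology (assumed: LAN is a /24, router2's uplink is on it).
LAN_NET = ipaddress.ip_network("10.10.90.0/24")   # OPNsense LAN 10.10.90.12
ROUTER2 = ipaddress.ip_address("10.10.90.10")     # uplink address of the downstream router
ALIASES = {  # hypothetical alias name standing in for the thread's "Static Routes" alias
    "Static_Routes": [ipaddress.ip_network("10.10.10.0/24"),
                      ipaddress.ip_network("10.10.20.0/24")],
}
# Static routes: destination network -> next-hop gateway (the thread's Static_GW)
STATIC_ROUTES = {net: ROUTER2 for net in ALIASES["Static_Routes"]}

def expand(term):
    """Resolve a rule term ('any', 'LAN net', an alias name or a CIDR) to a list of networks."""
    if term == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if term == "LAN net":  # the interface macro covers only the directly attached subnet
        return [LAN_NET]
    if term in ALIASES:
        return ALIASES[term]
    return [ipaddress.ip_network(term)]

def evaluate(rules, src, dst):
    """First-match evaluation of (action, source, destination) rules on one interface;
    anything no rule passes is blocked, as on OPNsense."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_term, d_term in rules:
        if any(src in n for n in expand(s_term)) and any(dst in n for n in expand(d_term)):
            return action
    return "block"

def next_hop(dst):
    """Longest-prefix lookup over the static routes; None means the default route (WAN).
    Raises if the chosen gateway is not on-link, since an off-link gateway is unusable."""
    dst = ipaddress.ip_address(dst)
    hits = [n for n in STATIC_ROUTES if dst in n]
    if not hits:
        return None
    gw = STATIC_ROUTES[max(hits, key=lambda n: n.prefixlen)]
    if gw not in LAN_NET:
        raise ValueError(f"gateway {gw} is not reachable on the LAN subnet")
    return gw

# Three candidate LAN rulesets: the stock "LAN net to any" rule, the post's
# "any to Static_Routes" rule, and one whose source covers the routed subnets.
STOCK_LAN = [("pass", "LAN net", "any")]
DEST_ALIAS_LAN = [("pass", "any", "Static_Routes")]
SRC_ALIAS_LAN = [("pass", "Static_Routes", "any"), ("pass", "LAN net", "any")]
```

Run `evaluate(ruleset, "10.10.10.5", "198.51.100.7")` for each ruleset to see which one passes an Internet-bound packet from a host behind router2, and `next_hop("10.10.10.5")` to see the gateway the reply is sent to.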

Why would you need a static route for that?
OPNsense is in front of the other router; that's the same as being any other device behind it, it should just work providing you have the second router configured correctly.
The second router has NAT enabled, correct?
The second router is configured as the gateway for the 2 networks behind it, correct?
It'll just work if so.

Thanks for your response!  Sorry, but I didn't put the entire network info - there are 3 switches between the OPNsense router and the 2nd router - which only handles those 2 subnets.  There is no NAT on the 2nd router because I don't want to double NAT.  The former firewall I used (EdgeOS) only required me to enter a firewall rule to allow those networks through and I could enter static routes on the routing table to hit that network.  This is a small business network so I don't need a lot of fancy rules and such.  I need to put both subnets on the same NIC on the OPNsense router so maybe I should just set up a couple of VLANs.  I also found some instructions on how to set up a static route in OPNsense.  I will at least do one or the other.

Is there any specific purpose as to why you're using two other routers within your network to route specific subnets?

I'm not sure why you're doing that instead of just using VLANs.  Or did I miss something?

The reason has more to do with equipment than anything else.  The business has 3 2.5G unmanaged switches and there are 4 2.5G NICs on the OPNsense router.  I had given each network its own NIC on the router and connected each to one of the switches.  There are devices that have 2.5G ethernet ports on them as well, so I was attempting to set this up to take advantage of the full fiber connection from the ISP AND the best speeds between devices on the 2.5G part of the network.  There is only 1 other router and I had isolated the 1G switch (which is managed) behind that router.
I was trying to recapture a couple of ports on the OPNsense router by static routing the 2 subnets to the 1G router and so on.  I can't do VLANs on this project since none of the 2.5G switches are managed.
As I said in my previous post - I found instructions to static route the 2 subnets to the rear router and free up a couple of ports on the OPNsense router.  However, I may just let it go and tell them to accept the way it is set up now, which is working great but there is no room for expansion!

Either you're very confused, or I am.

How did you plan on getting those two networks through router2 without NATing them?? Are you using VIPs on router2?

Why opposed to double NAT?

Your former router, was it used in this exact config?? Doesn't sound like it was but you point out that you used it.

Quote: I need to put both subnets on the same NIC on the Opnsense router so maybe I should just setup a couple of VLANS.
Quote: I can't do VLANS on this project since none of the 2.5G switches are managed.

What???


Quote from: hanzs on December 07, 2022, 11:39:32 PM
The reason has more to do with equipment than anything else.  The business has 3 2.5G unmanaged switches and there are 4 2.5G NICs on the OPNsense router.  I had given each network its own NIC on the router and connected each to one of the switches.  There are devices that have 2.5G ethernet ports on them as well, so I was attempting to set this up to take advantage of the full fiber connection from the ISP AND the best speeds between devices on the 2.5G part of the network.  There is only 1 other router and I had isolated the 1G switch (which is managed) behind that router.
I was trying to recapture a couple of ports on the OPNsense router by static routing the 2 subnets to the 1G router and so on.  I can't do VLANs on this project since none of the 2.5G switches are managed.
As I said in my previous post - I found instructions to static route the 2 subnets to the rear router and free up a couple of ports on the OPNsense router.  However, I may just let it go and tell them to accept the way it is set up now, which is working great but there is no room for expansion!

In any network infrastructure project, I would highly recommend not hacking things together and telling the client what they actually need.

Keep in mind, clients really have no clue how this stuff works, even if they claim they do.

Spend the money now, so you don't pay for it later, is what I tell my client contracts.

Source: I'm a network engineer

December 08, 2022, 04:23:35 AM #8 Last Edit: December 08, 2022, 04:27:00 AM by hanzs
I agree with you 100% but they already purchased this hardware and I was tasked to make it work.  It actually turned out pretty well all things considered and the network is screaming fast so I will leave it as is.

That still begs the original question I had about static routing on an OPNsense router!  I have been doing networking for many years and just recently installed my first instance of OPNsense.  I've never had a problem with static routing on any router I've used except this one.  It is generally a no-brainer config that I've done many times in the past.

I guess I will do like I always do - ask the question in this forum - not get an answer - get a lot of configuration ideas (why are you doing it that way) - then figure it out myself!

Well, I have static routing up and working like a charm!!  Maybe I will stay with OPNsense for a while and see how it goes.  Seems to be a solid router!