SOLVED: How should I configure 5 fixed IP addresses on my WAN?

Started by gctwnl, November 27, 2022, 12:04:20 AM

I'm trying to get OPNsense working (new DEC695 device). I'm currently in the situation that when I connect it to my IP's modem, it is able to update itself (so router-WAN works) and I am able to configure it (so LAN-router works). What doesn't work is simple stuff like doing a DNS query from the LAN to 8.8.8.8 and getting a result back. I've turned on all the logging I could find, so far without luck. I see a log entry that allows the traffic to go to 8.8.8.8, but an answer is never received and no log message gives me a clue what is wrong. It is now the perfect firewall: nothing goes through.

One thing I had to guess a bit, because the documentation doesn't have this explicitly, was the configuration of my WAN interface. I have the following IP range: a.b.c.48/29. a.b.c.49 is the provider's modem, I can use a.b.c.50-54, and a.b.c.55 is the broadcast address.

My LAN is a 192.168.x.x range. I have already configured a few outgoing NAT rules (set to do source NAT manually, like I do with my old EdgeMax router that this machine has to replace).

I have configured my WAN as a.b.c.50/29 with a.b.c.49 as the gateway, and set up 4 IP aliases for a.b.c.51-54. Is that the correct way to do it? Is there an example somewhere of setting up OPNsense with a range of fixed IP addresses? Anything else I might easily have gotten wrong or a way to find out what is wrong?

We have the same /29 network from our provider.

Simply set up a set of Virtual IP addresses on the WAN interface covering the 5 usable addresses and point them at the gateway address you will have been provided by your supplier. Ours is the top of the range+1; yours might be the bottom.

Our supplier uses a dynamic PPPoE address but assigns our block to it, so all are publicly routable.

Then you can use them in FW rules etc.

Cheers
Spart


Thank you.

In the end, I used the a.b.c.50/29 address when setting up the WAN. This means I cannot create an alias for a.b.c.50 itself, but I can for a.b.c.51-54. So, I cannot make 5 aliases, just 4.

Outgoing traffic gets the a.b.c.50 IP unless I use source NAT. As it works now, I'd rather leave it alone.
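
The address plan from this thread as a sanity check, added here as an example that is not part of the original posts: it flags aliases that collide with the interface address, the gateway, or the network/broadcast address, and manual outbound NAT translation addresses that are not configured on the WAN. The helper name `check_wan_plan` and the 203.0.113.48/29 documentation range (standing in for a.b.c.48/29) are assumptions.

```python
import ipaddress

def check_wan_plan(primary, gateway, aliases, nat_sources=()):
    """Check a static WAN plan: primary address, gateway, IP aliases, NAT sources.

    Hypothetical helper; returns {"problems": [...], "unused": [...]}.
    """
    iface = ipaddress.ip_interface(primary)      # e.g. 203.0.113.50/29
    net = iface.network                          # -> 203.0.113.48/29
    gw = ipaddress.ip_address(gateway)
    reserved = (net.network_address, net.broadcast_address)
    problems = []

    if gw not in net or gw in reserved:
        problems.append(f"gateway {gw} is not a usable host in {net}")
    if iface.ip in reserved or iface.ip == gw:
        problems.append(f"primary address {iface.ip} is not usable in {net}")

    owned = {iface.ip}                           # addresses the firewall holds
    for raw in aliases:
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            problems.append(f"alias {ip} is outside {net}")
        elif ip in reserved:
            problems.append(f"alias {ip} is the network or broadcast address")
        elif ip == gw:
            problems.append(f"alias {ip} collides with the gateway")
        elif ip in owned:
            problems.append(f"alias {ip} is already on the interface")
        else:
            owned.add(ip)

    # Manual outbound NAT should only translate to addresses configured above.
    for raw in nat_sources:
        ip = ipaddress.ip_address(raw)
        if ip not in owned:
            problems.append(f"outbound NAT uses {ip}, not configured on the WAN")

    unused = sorted(set(net.hosts()) - owned - {gw})
    return {"problems": problems, "unused": [str(ip) for ip in unused]}

# Constructed sample: the thread's layout mapped onto a documentation range.
GOOD = check_wan_plan("203.0.113.50/29", "203.0.113.49",
                      ["203.0.113.51", "203.0.113.52", "203.0.113.53", "203.0.113.54"],
                      nat_sources=["203.0.113.52"])
BAD = check_wan_plan("203.0.113.50/29", "203.0.113.49",
                     ["203.0.113.50", "203.0.113.55", "203.0.113.51"],
                     nat_sources=["203.0.113.52"])
```

`GOOD` mirrors the working setup (primary .50 plus four aliases); `BAD` shows the duplicate-of-primary alias mentioned above, an alias on the broadcast address, and a NAT rule translating to an address that was never added.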

Quote from: gctwnl on November 27, 2022, 04:20:07 PM
Thank you.

In the end, I used the a.b.c.50/29 address when setting up the WAN. This means I cannot create an alias for a.b.c.50 itself, but I can for a.b.c.51-54. So, I cannot make 5 aliases, just 4.

Outgoing traffic gets the a.b.c.50 IP unless I use source NAT. As it works now, I'd rather leave it alone.

Glad you got it sorted. I remember messing with this for a while when we first migrated from Untangle.

Cheers
Spart