Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Web server access on two different LANs
« previous
next »
Print
Pages: [
1
]
Author
Topic: Web server access on two different LANs (Read 1489 times)
protoss1976
Newbie
Posts: 13
Karma: 0
Web server access on two different LANs
«
on:
February 13, 2023, 11:31:30 am »
I have a server with OPNsense and 4 NICs one of which is used for the WAN. I have 4 physically separate LANs and they all flow into my server room. On OPNsense I configured...
OFFICES ethernet 192.168.5.8
DIDACTIC ethernet 192.168.1.12 (captive portal)
The fourth LAN (LAN_TV 192.168.241.0) is currently physically connected to the OFFICES because within LAN_TV there is a web server that must be accessible from the PCs of the OFFICES LAN. Since in the LAN_TV the server also works as DHCP, if I connect the LAN_TV to the fourth OPNsense ethernet, how do I configure the firewall rules to be able to access the web server from the OFFICE LAN? Sorry if the situation is a bit tangled, but I wanted to limit the broadcast as much as possible without going to configure VLANs. Can you give me some advice on this?
Logged
fgsfdgfds
Newbie
Posts: 37
Karma: 1
Re: Web server access on two different LANs
«
Reply #1 on:
February 14, 2023, 09:09:27 am »
I'm not really understanding your setup very well... but...
If you have 2 ip subnets on the same physical broadcast network, then you'd normally separate these with vlans.
If you don't want vlans, then uuummm, well,
so you say 241.0/24 and 5.0/24 are on the same phyisical network, ie on the 1 port of OPNsense?
do you have 2 DHCP servers on these, OPNsense and some other? If so that won't end well.
Have you used all the ports on the firewall up, seems unclear from you message?
If you have 4 ports, 1 is wan, then you want 4 LAN networks separate, either you need another port or use vlans.
you could I suppose put lantv with offices, but those on the 241.0/24 network would need static addresses with no DHCP server.
But doing this isn't really good practise in my view, this is the reason for vlans.
Logged
protoss1976
Newbie
Posts: 13
Karma: 0
Re: Web server access on two different LANs
«
Reply #2 on:
February 14, 2023, 05:29:14 pm »
I would like to access from today OFFICES computer 192.165.5.x to the web server located in LAN_TV which is 192.168.241.111 (no DHCP). The networks are physically separated, a cable from one network goes to OFFICES, a cable from the other network goes to LAN_TV
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Web server access on two different LANs
«
Reply #3 on:
February 14, 2023, 05:41:01 pm »
All you need is a firewall rule(s) allowing what you want access to.
But first, I would suggest you clean up what you have there.
"OFFICES ethernet 192.168.5.8"
Why would you use .8 for the gateway?
"DIDACTIC ethernet 192.168.1.12 (captive portal)"
Again, why .12 for gateway??
"The fourth LAN (LAN_TV 192.168.241.0) is currently physically connected to the OFFICES because within LAN_TV there is a web server that must be accessible from the PCs of the OFFICES LAN. Since in the LAN_TV the server also works as DHCP, if I connect the LAN_TV to the fourth OPNsense ethernet, how do I configure the firewall rules to be able to access the web server from the OFFICE LAN?"
Wouldn't that be the third LAN?
And what does "physically connected" mean? Since you later said they're physically separated.
All you have to do is add a rule on the offices interface which allows either the whole network, or specific devices, access to 192.168.241.111.
Logged
protoss1976
Newbie
Posts: 13
Karma: 0
Re: Web server access on two different LANs
«
Reply #4 on:
February 14, 2023, 07:18:40 pm »
1 "OFFICES ethernet 192.168.5.8"
Why would you use .8 for the gateway?
because OFFICES doesn't have DHCP and being more than 50 clients I can't pass them one by one and change the gateway. I inherited 5.8 from a colleague who configured it like this.
2 "DIDACTIC ethernet 192.168.1.12 (captive portal)"
Again, why .12 for gateway??
because from 1.1 to 1.11 I have other fixed IP addresses always inherited
3 "The fourth LAN (LAN_TV 192.168.241.0) is currently physically connected to the OFFICES because within LAN_TV there is a web server that must be accessible from the PCs of the OFFICES LAN. Since in the LAN_TV the server also works as DHCP, if I connect the LAN_TV to the fourth OPNsense ethernet, how do I configure the firewall rules to be able to access the web server from the OFFICE LAN?"
I had connected them with a cable so that I could access both LANTV and OFFICES from my workstation. Now I separated them and connected a cable from the LANTV switch to the Opnsense network card 192.168.241.1 and another cable from the OFFICES switch to the opnsense network card 192.168.5.8
the web server has IP 192.168.241.111/24 with gateway 192.168.241.1 while the PCs in OFFICES have 192.168.5.x/24 and gateway 192.168.5.8. I hope I explained myself. Can you please tell me step by step which rule to create for accessing
https://192.168.241.111
from the OFFICE LAN? A thousand thanks
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Web server access on two different LANs
«
Reply #5 on:
February 14, 2023, 08:42:55 pm »
I thought I did...
But if you need more than that, do this:
Add a rule on the Offices interface
Action = Pass
TCP/IP Version = IPv4 (or as you need)
Protocol = any (can be adjusted as needed)
Destination = single host ( or alias if you have one)
Give it a description and save.
Logged
protoss1976
Newbie
Posts: 13
Karma: 0
Re: Web server access on two different LANs
«
Reply #6 on:
February 15, 2023, 08:21:56 am »
nothing to do, it doesn't work
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Web server access on two different LANs
«
Reply #7 on:
February 15, 2023, 12:09:30 pm »
No, that isn't gonna work at all.
Do you think you did what I asked you to??
What interface is that rule on?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Web server access on two different LANs