Topic: How to configure OPNSense to allow internet access over LAN? (Read 3456 times)
phoenixmanz
Newbie
Posts: 1
Karma: 0
How to configure OPNSense to allow internet access over LAN? « on: April 07, 2024, 01:39:27 pm »
Hi all,
So this is my first attempt to set up an OPNSense FW for my home network.
I've been at it for a few days, and I'm sure this has been asked in some form before, but can't seem to find the information I need to get my home network to have internet access.
My networking knowledge is very basic and this is a long text explaining my current config. Please be kind 🙏🏾
All IPs are configured with a /24 subnet.
My FTTH ISP is accessed by a Fritzbox 5530 Fiber router, and has the LAN IP 192.168.0.1 and has a RaspberryPi Pi-hole connected to it with the IP 192.168.0.3.
The machine I'm using is running an XCP-NG hypervisor, connected to the Fritzbox via the 1G onboard Intel NIC. It has its management console at 192.168.0.29 and a XEN Orchestra VM at 192.168.0.30.
The OPNSense FW is running as a VM and has the 1G onboard NIC (called xn0) and an Intel X540 dual NIC (called xn1 and xn2) assigned to it. NIC 2 (xn2) is disabled for now.
OPNSense has its WAN configured on xn0 with 192.168.0.31 with 192.168.0.1 as the upstream gateway.
LAN is configured on xn1 with 192.168.1.1 with upstream gateway as Auto-detect (only option available) and DHCP enabled.
"Block private networks" and "Block bogon networks" are disabled for both LAN and WAN.
DNS server under System->Settings->General is 192.168.0.3 (Pi-hole).
The firewall has the following config:
- LAN
  - IN -> IPv4 - allow all sources, destinations and gateways on all ports.
  - OUT -> IPv4 - allow all sources, destinations and gateways on all ports.
- WAN
  - IN -> IPv4 - allow all sources, destinations and gateways on all ports.
  - OUT -> IPv4 - allow all sources, destinations and gateways on all ports.
- NAT -> Port Forward
  - For all source protocols and ports -> Destination = 192.168.0.31, NAT = 192.168.1.1
  - For all source protocols and ports -> Destination = 192.168.1.1, NAT = 192.168.0.31
I have a PC connected to xn1 with the IP 192.168.1.3 and gateway/DNS 192.168.1.1
IPs I can ping from PC:
192.168.1.1 (OPNSense LAN)
192.168.0.31 (OPNSense WAN)
192.168.0.1 (ISP Fritzbox LAN)
192.168.0.3 (Pi-hole)
IPs I cannot ping from PC:
192.168.0.29 (XCP-NG)
192.168.0.30 (XEN Orchestra)
www.google.com (142.250.186.68 !IP is found!)
All this config can also be seen in [these photos](https://imgur.com/a/fRz73G0), if that helps.
Am I going about this the right way at all?
I understand that this configuration might not be something for production, but I'm just trying things out for now. Would greatly appreciate some help with the correct configurations that will enable internet access on the 192.168.1.XXX network and the configuration to get it production ready.
The idea is to have all home devices behind the Firewall on the 192.168.1.XXX network.
Does it make sense to have the XCP-NG management interface and XEN Orchestra on the 192.168.0.XXX network?
meyergru
Hero Member
Posts: 1712
Karma: 168
IT Aficionado
Re: How to configure OPNSense to allow internet access over LAN? « Reply #1 on: April 07, 2024, 02:55:38 pm »
Can you read German? If not, try Google Translate on this:
https://forum.opnsense.org/index.php?topic=39556.0
You either need double NAT or you must set up routes.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up, Bufferbloat A+
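
The two options named in Reply #1, worked through for the return path with the addresses from the first post. This is an added example, not part of the thread or of OPNsense; it assumes the Fritzbox only knows its own 192.168.0.0/24 plus a default route, and `isp-uplink` is a placeholder name.

```python
import ipaddress

# Constructed model of the upstream router (Fritzbox) in the first post.
# Assumption: it knows only its own LAN plus a default route to the ISP.
FRITZBOX_ROUTES = [
    ("192.168.0.0/24", "on-link"),
    ("0.0.0.0/0", "isp-uplink"),  # placeholder name for the ISP side
]
OPNSENSE_WAN = "192.168.0.31"
PC = "192.168.1.3"


def next_hop(routes, dst):
    """Longest-prefix match: return the next hop the router picks for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(routes, outbound_nat):
    """Where the Fritzbox sends the reply to a packet that the PC originated.

    With outbound NAT on OPNsense the Fritzbox sees the WAN address as the
    source; without it, it sees the PC's LAN address.
    """
    seen_source = OPNSENSE_WAN if outbound_nat else PC
    hop = next_hop(routes, seen_source)
    if hop == "on-link" and seen_source == OPNSENSE_WAN:
        return "delivered to OPNsense, which un-NATs to " + PC
    if hop == OPNSENSE_WAN:
        return "routed to OPNsense, which forwards to " + PC
    return "sent to " + hop + " (reply never reaches the PC)"


# Second option from the reply: a static route on the upstream router.
WITH_STATIC_ROUTE = FRITZBOX_ROUTES + [("192.168.1.0/24", OPNSENSE_WAN)]

if __name__ == "__main__":
    print("no NAT, no route :", reply_path(FRITZBOX_ROUTES, outbound_nat=False))
    print("double NAT       :", reply_path(FRITZBOX_ROUTES, outbound_nat=True))
    print("static route     :", reply_path(WITH_STATIC_ROUTE, outbound_nat=False))
```

With the static route the LAN hosts stay visible to the upstream network under their own addresses, so the LAN-side firewall rules are what restrict them; with double NAT they all appear as 192.168.0.31.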