Access between two interfaces

Started by pickone, April 27, 2024, 04:18:56 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 27, 2024, 04:18:56 PM
Hi!

I don't understand something, being a 5 days newbie to OPNSense, maybe someone can explain to me.

Let's say that I have a minipc with two lan interfaces (lan1, lan2), we don't talk about wan, only lans.
One cable between my computer and LAN1 plug of the minipc...

minipc interfaces:
LAN1 192.168.10.1
LAN2 192.168.20.1

My computer's IP 192.168.10.2.
From my computer, I can access the router's GUI and change all the settings.
If I ping 192.168.10.1 it is working.
There is any solution to access/ping 192.168.20.1 from my computer as well or I don't understand how the thinks are working with OPNSense?
If there is any solution, please share to me. In rules, I passed everything to everything for both interfaces, in the firewall rules:     
Code Select
IPv4 * * * * * * * Default allow LAN to any rule

Thank you in advance!
April 27, 2024, 06:46:27 PM #1
Quote from: pickone on April 27, 2024, 04:18:56 PM
There is any solution to access/ping 192.168.20.1 from my computer as well or I don't understand how the thinks are working with OPNSense?

Ping interfaces is default network functionality, nothing OPNsense special:

- What is the status of the LAN2 interface when you try to ping it ? In Interfaces: Overview, what is the "Status" of LAN2: Red or Green ?

- If it's Red, is LAN2 connected to some network device that's powered on Switch / PC ?


April 27, 2024, 07:01:32 PM #2
Quote from: netnut on April 27, 2024, 06:46:27 PM
Quote from: pickone on April 27, 2024, 04:18:56 PM
There is any solution to access/ping 192.168.20.1 from my computer as well or I don't understand how the thinks are working with OPNSense?

Ping interfaces is default network functionality, nothing OPNsense special:

- What is the status of the LAN2 interface when you try to ping it ? In Interfaces: Overview, what is the "Status" of LAN2: Red or Green ?

- If it's Red, is LAN2 connected to some network device that's powered on Switch / PC ?

It is Red because I did not inserted any cable in LAN2. I thought that I can ping the interface
April 27, 2024, 07:24:16 PM #3
Quote from: pickone on April 27, 2024, 07:01:32 PM
It is Red because I did not inserted any cable in LAN2. I thought that I can ping the interface

If a physical ethernet interface isn't _actively_ connected to "the network" it isn't working (No Carrier) so there's no reason to send packets to it, hence an ICMP ping fails.

There're lot of use cases where you might want a physical interface to be "Up" even without a physical connection, but your case is standard ethernet behaviour.
April 27, 2024, 07:34:10 PM #4
Alright, now I understand how it is working...
I need another device which should be in LAN2, then transmit a ping to this. I thought that because the interface have an IP, I can ping it as well.

Thank you for the explication.
April 27, 2024, 07:37:05 PM #5
Quote from: pickone on April 27, 2024, 07:34:10 PM
I need another device which is in the LAN2, that can be transmited a ping action. I thought that because the interface have an IP, I can ping it as well.

No, you need the interface you're trying to ping, LAN2 in your case to be UP. The only way to get that LAN2 interface UP is connecting it to some other Ethernet device (or do some magic in /etc/rc.conf, but that's another story).
April 27, 2024, 07:46:29 PM #6
Last question, just to be sure :-D

After I add something to LAN2 and it will be green. I can ping even the interface 192.168.20.1? Or just the devices connected to LAN2? I am thinking to add a cable between LAN2 and LAN3  ;D
April 27, 2024, 07:49:43 PM #7
Quote from: pickone on April 27, 2024, 07:46:29 PM
After I add something to LAN2 and it will be green. I can ping even the interface 192.168.20.1? Or just the devices connected to LAN2? I am thinking to add a cable between LAN2 and LAN3  ;D

Both, if your firewall rules will allow it (which should by default from LAN).
April 27, 2024, 07:54:47 PM #8
Quote from: netnut on April 27, 2024, 07:49:43 PM
Quote from: pickone on April 27, 2024, 07:46:29 PM
After I add something to LAN2 and it will be green. I can ping even the interface 192.168.20.1? Or just the devices connected to LAN2? I am thinking to add a cable between LAN2 and LAN3  ;D

Both, if your firewall rules will allow it (which should by default from LAN).

Alright, thank you for the info.
Cheers
April 27, 2024, 08:02:29 PM #9 Last Edit: April 27, 2024, 08:07:56 PM by pickone
It is kinda strange...
I made LAN2 and LAN3 as green, then all the interfaces rules like this one:
QuoteIPv4 *    *    *    *    *    *    *       Default allow LAN to any rule

But still I can't ping the interface...  :(

I can ping them all (LAN1, LAN2, LAN3), from inside the router, at Interfaces > Diagnostics > Ping... But not from my computer. From my computer, only LAN1 can get ping
April 28, 2024, 12:32:30 PM #10
My appliance has got 3x LAN ports with LAN1 (192.168.0.1) being the main one and with my laptop (IP address of 192.168.0.3) I'm able to ping the other two interfaces LAN2 and LAN3 (being on 192.168.10.1 and 192.168.20.1 respectively) regardless if I've got a device attached to them, e.g. I can ping LAN2 and LAN3 also if they are NOT up (i.e. no carrier / red cross icon).

I don't have the 'allow all' rule on any of the LAN interfaces, and for the ping I just added a rule in 'Floating' as
Code Select
IPv4 ICMP * * * * * * 3 Allow ICMP echo request messages
Print
Go Up Pages1
User actions