Bridging networks

Started by Daghondor, June 25, 2024, 06:29:46 PM

Hi, i'm trying to replace my isp router with an opnSense VM running on proxmox but i'm having some problems so while i sort them out and still use the isp router, i was looking for a way to bridge the isp router network and opnsense so that i don't have to unplug cables while testing.

i've tried creating a bridge between the lan and wan interface but it didn't work.

i'm planning to use the isp router as modem, opnsense as router/dhcp/firewall and another router in bridge mode as AP/switch.
i have 3 nics on the proxmox pc and i'm using 2 exclusively for opnsense (one nic is connected to the isp router and the other to the AP, which is then connected to the other nic used by proxmox and the vms)

from the proxmox pc (where i've installed a desktop environment) i can reach opnsense both from the lan and wan ip, but i can't do so from other pcs on the isp network.
while i'm sorting out this and other problems that i'll list below, i was wondering if it was possible to unify both networks so that i can do some testing from my main pc.

here's also some other issues i haven't managed to solve as of now:

-i've tried bridging the ports and adding firewall rules to allow traffic coming from the wan but i still cannot connect to proxmox GUI or any vms without using tailscale (from the ISP network) although proxmox has a static ip from the isp router too.

-even if i've unchecked the box to block traffic from private networks, i've seen the firewall blocking a ton of traffic from devices on the isp network. is this the reason why i cannot detect shared folders?

-from the proxmox gui, i can ping both networks and the internet, but from the desktop environment, i can't reach the internet if i'm not connected to the AP with wifi, even tho it is already connected with the ethernet cable.

could it be that the problem is the virtualized nics?

sorry for the wall of text, feel free to ask if i haven't been clear about something (it's quite a mess of a setup so i might have)


i've just noticed that after creating the bridge, the devices from the opnsense network have appeared on the isp router gui. still, i cannot ping them.
just to be clear, instead of the 192.168.1.x of the isp, i use 10.1.1.x for opnsense. as far as i know this address should be ok for a private network, isn't it?

> i've tried creating a bridge between the lan and wan interface but it didn't work.
When you create a bridge, all members become part of the same network. WAN and LAN are by definition different networks, so this is never going to work right.

I might not understand your questions and setup but
> i'm planning to use the isp router as modem, opnsense as router/dhcp/firewall and another router in bridge mode as AP/switch.
This is doable. Put the isp router in modem mode only, i.e. no dhcp, firewall, etc. (some isp routers can't), and set up OPN NIC1 as WAN to it. You might need to set a static IP for it but you need one device to get the public ip for you. If the modem will allow OPN to get it, then you are fine. Otherwise you need to set OPN WAN to use your modem as gateway. This is the tricky part.
The NIC2 on OPN becomes the LAN. You set it up with the network you want, set DHCP, etc. for your clients. Don't forget DNS. The docs will give you the details.
Finally, do yourself and others here a favour and draw a diagram, setting the IPs and networks on each segment and it will begin to make sense. You potentially have four segments: Internet to modem, modem to Proxmox, OPN, LAN.

isn't there any way to do that? i mean, it's not essential but i'd like to be able to reach the modem even after migrating.

i had to manually set the gateway on opnsense cause the default one didn't point to the isp router but after that it's been working ok.

i'll post a diagram asap but i think you understood the setup pretty much


Maybe a case of semantics.
In networking speak bridging has a very specific meaning. In it, no, you can't do a bridge of WAN and LAN.
However you can route between them, that is the purpose of a router.
One more thing, if what you're after is being able to get to your modem after putting OPN in the chain, maybe this will be what you're after https://forum.opnsense.org/index.php?topic=36936.0

Sorry for the misunderstanding, i'm very new at this and english isn't my first language so i picked the first word i thought could make sense.
anyway, i'll check the guide, thank you