PPPoE via VLAN7 on only one NIC - Firewalls on WAN or PPPoE? Difference?

Started by luck3rhoch3, April 08, 2025, 10:05:38 PM

Hello,

I'm very new to OPNsense and networking. I have only worked with products like the AVM Fritz!Box and Telekom Speedports. I have basic knowledge of port forwarding, firewall rules, and similar topics.

I have now installed OPNsense on an Intel NUC that only has one LAN port. OPNsense is connected to a managed switch via a trunk port. My ISP modem is connected to a second switch port with tagged VLAN 7.

Everything is working so far, but I just want to make sure I configured it correctly.




I have a WAN-Interface which is assigned to VLAN7:
My ISP (Telekom) dictates VLAN 7 for the PPPoE-Connection. Is WAN configured correctly? Are "block private networks" and "block bogon networks" configured right? (ticked)




The PPPoE-Interface looks like this:



My Dashboard looks like this:
WAN has no IP, PPPoE gets the ISP-IP.



My NAT-Rules look like this:
Every guide or tutorial, and even the OPNsense help, tells me that I have to use the WAN port for rules like this, but the rules only work if I use the PPPoE interface (WANVLAN7).



Just to be clear: I don't actually have any problems. Internet is working. VLAN isolation is working. VoIP via my old Fritzbox (access point and VoIP) is working. I'm just worried that I might have misconfigured something, which could lead to security issues.

Thanks in advance for your help!

I reworked my whole setup and now it looks normal. It isn't a good idea to let ChatGPT configure the interfaces :-D

I didn't have to assign VLAN 7 to an interface. I just linked it directly inside the PPPoE "device" and assigned the PPPoE "device" to the WAN interface.

Now everything works fine and I can manage firewall and NAT rules directly with my WAN interface.

Quote: It isn't a good idea to let ChatGPT configure the Interfaces :-D

Really? I handed over all my bank accounts to ChatGPT to optimize my pension. Hope you are wrong...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....