Are interface IPs useable?

Started by FlyveHest, October 12, 2025, 08:18:21 AM

I am a new OPNsense user and I'm still not entirely sure I've wrapped my head around how OPNsense does "routing". (I am currently using an EdgeRouter.)

I have a /29, let's use 192.168.0.1/29, fully routed.

If I assign 192.168.0.7/29 to an interface, can I still use that IP "behind" the interface, or do I need to do some form of NAT, possibly 1:1, to access the equipment on that port?

Also, if I have multiple interfaces and I need to break up the net and "route" some of the IPs to one, some to another, how is this possible? (I think that this is maybe where virtual IPs should be used)


Thanks in advance for any help

October 12, 2025, 08:52:54 AM #1 Last Edit: October 12, 2025, 08:55:22 AM by Monviech (Cedrik)
If you, e.g., have an OPNsense with WAN and LAN, and your ISP configures a transfer net to route the IP addresses to the WAN of the OPNsense, on the LAN side of it you can configure the full /29 net you have without NAT required. Then the server devices you have can configure a real IPv4 address.

So, e.g.:

ISP 172.16.1.1/30 - [172.16.1.2/30 WAN -  LAN 192.168.0.1/29] - Server 192.168.0.2/29

If the IP block you have is directly configured on your WAN though, you need some form of NAT if your LAN is configured with RFC1918 addresses.
Hardware:
DEC740

A transfer net is the setup, yes, a /30 with the /29 routed "inside".

I've set up the /30 on the WAN interface, but how do I set up the full /29 on an interface, without OPNsense using one of the IPs?

In your example, 192.168.0.1 would be "used" on the OPNsense interface, and not useable on a device, correct?

You don't. OPNsense will use one of the IP addresses and be the default gateway in that particular network, 5 more are usable for devices. The lowest (lowest 3 bits 000) and the highest (111) address are not usable at all. That's how IP works.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
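
The address accounting from the reply above, for a /29 configured directly on an interface, as an added example that is not part of the original thread. It goes slightly beyond the reply by also splitting the block into two /30s for two interfaces; the function names and the default of using the first host address as the gateway are assumptions.

```python
import ipaddress

def onlink_plan(cidr, gateway=None):
    """Classify every address of a subnet configured directly on an interface.

    Assumes a prefix of /30 or shorter, where the lowest and highest
    addresses are the network and broadcast addresses.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > 30:
        raise ValueError("this sketch only covers prefixes up to /30")
    hosts = list(net.hosts())
    # Assumption: the firewall takes the first host address unless told otherwise.
    gw = ipaddress.ip_address(gateway) if gateway else hosts[0]
    if gw not in hosts:
        raise ValueError(f"{gw} is not assignable inside {net}")
    return {
        "network": net.network_address,      # host bits all 0
        "broadcast": net.broadcast_address,  # host bits all 1
        "gateway": gw,                       # the firewall's interface address
        "devices": [h for h in hosts if h != gw],
    }

def split_plan(cidr, new_prefix):
    """Split a block into equal subnets, one per interface, and plan each."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [onlink_plan(str(sub)) for sub in net.subnets(new_prefix=new_prefix)]

if __name__ == "__main__":
    plan = onlink_plan("192.168.0.1/29")
    print("gateway:", plan["gateway"])
    print("devices:", ", ".join(str(a) for a in plan["devices"]))
    for half in split_plan("192.168.0.0/29", 30):
        print(half["network"], "->", [str(a) for a in half["devices"]])
    try:
        # 192.168.0.7 is the broadcast address of 192.168.0.0/29.
        onlink_plan("192.168.0.1/29", gateway="192.168.0.7")
    except ValueError as exc:
        print("rejected:", exc)
```

With the /29 on one interface, five addresses remain for devices; split into two /30s, each interface keeps only one device address after its own network, broadcast and gateway addresses are taken.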

Quote from: Patrick M. Hausen on October 12, 2025, 07:14:12 PM
You don't. OPNsense will use one of the IP addresses and be the default gateway in that particular network, 5 more are usable for devices. The lowest (lowest 3 bits 000) and the highest (111) address are not usable at all. That's how IP works.

This is not the case for a routed /29 in a link/transport net, the entire /29 is useable for devices.

I have a similar setup on another location, where I currently use 7 IPs.

I think OPNsense calls this a far gateway, when your gateway resides in another net.

Quote from: FlyveHest on October 12, 2025, 08:58:27 PM
This is not the case for a routed /29 in a link/transport net, the entire /29 is useable for devices.

Correct. But I would not run any setup this way. I stick to "one interface, one subnet". My way works. Always. With any product, be it OPNsense or any other firewall, commercial or open source.