Where should I put the maintenance interface?

Started by timlab55, December 02, 2025, 03:32:12 PM

I'm sure a lot of people who are new to OpnSense would like to know this as well.  For example, and again I say "for example", my home network is on 192.168.75.0/24, and my OpnSense is on 192.168.2.0/24.  So where would the maintenance interface go (which ip address)?

If your home LAN is 192.168.75.0/24 then the LAN interface of OPNsense must also have an IP address in that network. Picking an address from 192.168.2.0/24 for OPNsense won't work.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

And after that, how many ports do you have on your firewall hardware?

In theory you would need the following:

LAN
WAN
Management

ports if you want to do things the easy way. You can manage the firewall from the LAN (the default configuration). Many of us just make a maintenance network if we have an extra port and use it kind of as a backup if the LAN port gives us a problem. And I've had to use mine when I did something that knocked out all my other ports. It makes good use of those onboard Realtek ports that a lot of us have, and works well enough to get in and fix your mistake.

This is along the same problem.  I've been following the video from "Home Network Guy - How To Set Up A transparent Filtering Bridge on OPNsense" because I'm very slowly learning about networking.  I mean, to me it's step by step (which is what I need).  Two problems.  #1:  One day, I can get it to work (the section I'm learning about), and the next day, I go back and make a correction or something, and it doesn't work.  Come back a week later and it does work.  Doesn't make sense to me.  And yes, he does talk about making the maintenance interface.  The reason for my question is that I have no clue about what he is saying.  In his video he states "You will need to ensure the static IP address is not located in the DHCP range you have set on your primary router and does not conflict with any other static IP addresses on your management network."  So again, with the opening question and this, what should my IP address be for the MGMT interface?

December 02, 2025, 11:11:37 PM #4 Last Edit: December 02, 2025, 11:22:14 PM by Patrick M. Hausen
Why are you trying to set up a transparent filtering bridge? The most complex, error-prone, hard-to-debug firewall configuration in existence? Set up OPNsense as a router and firewall, which is the well-documented default.

And frankly speaking, the videos I saw from that guy are mostly outdated, unspecific and in some cases, beside "usual" approaches. As Patrick noted, transparent filtering bridges might look like a good idea to beginners (obviously, also to Home Network Guy), while in reality, they make most things harder.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Today at 04:23:37 AM #6 Last Edit: Today at 04:29:30 AM by Greg_E
If you really want to configure it this way, try this document:

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

Might be dated so things might have moved around a little, but should still work.

Not entirely sure why you would want this, what's the real world application?

Ok, Ok, so the question keeps coming up, why do I want the transparent bridge?  For a newbie (like myself), it's learning new things.  Secondly, I love my router too much to have it sit in the hallway somewhere. But I'm hoping that once everything is settled, and I'm happy, the wife is glad, and my router breaks down, then yes, my mini pc will take over as the main router.  Besides that, I also have 33 CCTV cameras that I would have to move, and more.  So, a little bit at a time, okay, guys?  But you still haven't answered my question, where would I or what ip address would I use for the maintenance bridge?
Thanks.

I would use an IP address in the LAN network and of course put it on the bridge interface.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
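
Combining the answer above with the rule quoted earlier in the thread from the video (outside the primary router's DHCP range, no clash with other static addresses), as an added example that is not part of any forum post. The LAN 192.168.75.0/24 is the one from the opening question; the DHCP pool and the static addresses are assumed values, so substitute the ones from your own router.

```python
import ipaddress

# LAN from the opening question; everything else below is an ASSUMED sample value.
LAN = "192.168.75.0/24"
DHCP_START, DHCP_END = "192.168.75.100", "192.168.75.200"   # assumed router DHCP pool
STATIC_IN_USE = ["192.168.75.1", "192.168.75.10"]           # assumed: router, one fixed host


def check_mgmt_address(candidate, lan=LAN, dhcp_start=DHCP_START,
                       dhcp_end=DHCP_END, static_in_use=STATIC_IN_USE):
    """Return a list of reasons why `candidate` is a bad static management IP."""
    net = ipaddress.ip_network(lan)
    ip = ipaddress.ip_address(candidate)
    if ip not in net:
        # An address from another subnet is unreachable from LAN hosts via the bridge.
        return [f"{ip} is outside the LAN {net}"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    if ipaddress.ip_address(dhcp_start) <= ip <= ipaddress.ip_address(dhcp_end):
        problems.append(f"{ip} is inside the DHCP pool {dhcp_start}-{dhcp_end}")
    if ip in {ipaddress.ip_address(s) for s in static_in_use}:
        problems.append(f"{ip} is already used by another static host")
    return problems


def free_mgmt_addresses(limit=5, **kwargs):
    """List the first `limit` LAN addresses that pass every check."""
    net = ipaddress.ip_network(kwargs.get("lan", LAN))
    found = []
    for host in net.hosts():          # hosts() skips network/broadcast addresses
        if not check_mgmt_address(str(host), **kwargs):
            found.append(str(host))
            if len(found) == limit:
                break
    return found


if __name__ == "__main__":
    for ip in ("192.168.2.1", "192.168.75.150", "192.168.75.1", "192.168.75.2"):
        print(ip, "->", check_mgmt_address(ip) or "OK")
    print("candidates:", free_mgmt_addresses(limit=3))
```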

Is that possible with a transparent bridge setup? I frankly do not know...

And BTW: Does Home Network Guy not specifically cover that basic question, which should come up all the time with such setups, I imagine?
Oh, yes, he does. By creating a MGMT interface and bridging that to WAN. How elegant and intuitive.

I still do not get how people think that a transparent bridge would be easier than a routed setup.

Specifically given that you need explicit rules for the most basic network communications between the clients on one side of the bridge and the router on the other one. ARP, NDP, DHCP, SLAAC, ...

Unless of course you just "allow any any" - but then, what's the point?