Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Topology
« previous
next »
Print
Pages: [
1
]
Author
Topic: Topology (Read 4912 times)
strebor
Newbie
Posts: 5
Karma: 0
Topology
«
on:
May 16, 2017, 01:35:37 pm »
Hi opnsensative types. I’d like to ask a question about the choices of topology available to me under Opnsense. I’m not new to networking but see myself as more a victim than practician. I want to host a couple of very low volume web sites and some remote access software, VPN etc.
Should I go for the usual double NAT behind the ISPs router, I could use IPv6 which is more static than the IPv4 address provided but as I can barely cope with v4 two more vs might be too many!
Or
Should I drop in a transparent Bridge to the existing LAN and let the ISP router do DHCP etc?
Do I put the internet facing servers in a DMZ from the ISP router or create a DMZ off the Opnsense host.
Answers on a postcard, thanks in anticipation Strebor
Logged
bartjsmit
Hero Member
Posts: 2014
Karma: 194
Re: Topology
«
Reply #1 on:
May 16, 2017, 01:49:56 pm »
Hi Strebor,
The neatest solution is to run your ISP router in modem only mode (if it supports it) and do everything on OPNsense
Double NAT is fine for your use case, with IPv6 if you have a large enough delegation from your ISP (better than /64). It does create some problems with media streams and games.
Transparent (bridge) mode OPNsense is used widely too, mostly by those with restrictive uplink settings.
Bart...
Logged
strebor
Newbie
Posts: 5
Karma: 0
Re: Topology
«
Reply #2 on:
May 17, 2017, 01:47:30 pm »
Thanks Bart, unfortunately I'm stuck with router as is, no bridge. If I were to go for a drop in TB will I still be able to OpenVpn an other functionality, in other word 'traffic shaping' aside what else will not work?
Strebor
Logged
bartjsmit
Hero Member
Posts: 2014
Karma: 194
Re: Topology
«
Reply #3 on:
May 17, 2017, 02:18:55 pm »
Yes, OpenVPN only needs a public IP/NAT to work. I've not used bridge mode, but logically you would only miss out on the routing functions; Quagga, gateway failover, etc.
The nice thing about bridge mode is that it's easy to test since you don't need any changes to your router.
Bart...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Topology