Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Management on Second Interface
« previous
next »
Print
Pages: [
1
]
Author
Topic: Management on Second Interface (Read 12692 times)
wisesongs
Newbie
Posts: 8
Karma: 0
Management on Second Interface
«
on:
April 19, 2020, 07:56:03 pm »
I would like to configure my Opnsense computer while it is connected to the LAN, but not functioning as a router. I planned to do this by disconnecting the cables on the WAN and LAN interfaces, then accessing the WebGUI over a cable connected from the switch to the OPT1 interface. I assigned the LAN interface to 192.168.0.1 and OPT1 to 192.168.0.10.
After I configured the firewall rules to allow access to the WebGUI on OPT1/ 192.168.0.10, I connected the cable to OPT1 and I could open the WebGUI. Then a strange thing happened when I removed the LAN cable, I could no longer access anything on the OPT1 address. With the LAN cable in place and the OPT1 cable removed I cannot reach the OPT1 address, so the only way I can use OPT1 is with
both
cables in place.
Any ideas what is wrong and how to fix it?
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: Management on Second Interface
«
Reply #1 on:
April 19, 2020, 10:13:01 pm »
You need to enable GUI on OPT1. Per default it only listens on LAN.
It's a setting somewhere in
System: Settings: Administration
listen interface
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Management on Second Interface
«
Reply #2 on:
April 19, 2020, 10:31:55 pm »
And of course allow the traffic form the network to the interface address.
Not sure if the lockout-rule is generated by default if you enable management on that new interface.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
scyto
Newbie
Posts: 11
Karma: 1
Re: Management on Second Interface
«
Reply #3 on:
April 20, 2020, 09:26:24 am »
I set up opnsense for the first time ever today, in transparent bridge mode (where LAN and WAN are bridged).
Took me ages to work out that I had to set an IPv4 inbound firewall rule on OPT2 where source was OPT2 Network and rest was ANY.
Logged
wisesongs
Newbie
Posts: 8
Karma: 0
Re: Management on Second Interface
«
Reply #4 on:
April 22, 2020, 12:21:40 am »
banym: thanks for the reply. I tested your advice and tried adding a rule to allow all on the Opt1 interface. I found that it made no difference, I still needed both cables to get a reply from the Opt1 address.
Using the packet capture function, I was able to determine that the query was coming in on the Opt1 interface, and the reply was going out on the LAN interface. It seems very strange that OPNSense is not sending the reply on the same interface as the query.
I suspect that the reply is going to the LAN interface because that is the default route for that subnet and both interfaces have the same subnet assigned. I have no manual routes assigned.
Is there a way to have two interfaces assigned to the same subnet without bridging them? Bridging does not seem to be the right answer because I want the LAN gateway address, and the DHCP, NTP and DNS services, to be inaccessible when the cable is unplugged.
What other information would be helpful for troubleshooting?
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Management on Second Interface
«
Reply #5 on:
April 27, 2020, 01:36:45 pm »
Hi, maybe you should have look into CARP. That could use two interfaces with the same IP.
That way if one of you interfaces stops working it switches to the second. Maybe this fits your needs?
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Management on Second Interface