[Solved] How to get traffic back from static address on different interface?

Started by Droid999, January 23, 2021, 05:13:15 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 23, 2021, 05:13:15 AM Last Edit: January 24, 2021, 04:31:41 AM by Droid999
Hi

Have recently completed setting up OPNSense and it's all good - I only one thing left which is not working.

I don't seem to be able to get traffic back from the Bridged Modem.

My OPNSense machine has 4 interfaces:

igb0: WAN ( DHCP )
igb1: LAN ( 10.1.1.1 )
igb2: WIFI ( 172.16.1.1 )
igb3: Modem ( 10.2.1.1 ) - plugged into LAN port of Bridged Modem.

From LAN I can get to machines located within the WIFI network no problems ( HTTP to 172.16.1.2 )

From LAN I can get to machines located with the Modem network; IF they are assigned a DHCP address from the Modem interface ( HTTP to 10.2.1.3 works ).

However, my bridged modem has a static address of 10.2.1.2 - no options to set a gateway or DHCP.

If I SSH into the firewall, I can telnet 10.2.1.2 80, and get a response,

Code Select

$ telnet 10.2.1.2 80
Trying 10.2.1.2...
Connected to 10.2.1.2.
Escape character is '^]'.

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=utf-8
Content-Length: 110
Connection: close

<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center></body></html>Connection closed by foreign host.


in the firewall rules I can see a connection:

Code Select

MODEM_ACCESS Jan 23 14:45:57 10.2.1.1:33765 10.2.1.2:80 tcp let out anything from firewall host itself


If I attempt the same thing from a LAN address I get

Code Select

> telnet 10.2.1.2 80
Trying 10.2.1.2...

telnet: Unable to connect to remote host: Connection timed out


and the firewall logs show

Code Select

MODEM_ACCESS   <-   Jan 23 15:09:57 10.1.1.30:47270 10.2.1.2:80 tcp let out anything from firewall host itself


When I ping 10.2.1.2 I get

Code Select

>ping 10.2.1.2
PING 10.2.1.2 (10.2.1.2) 56(84) bytes of data.


and the firewall logs show

Code Select

MODEM_ACCESS   <- Jan 23 14:54:19 10.1.1.30 10.2.1.2 icmp let out anything from firewall host itself
lan -> Jan 23 14:54:19 10.1.1.30 10.2.1.2 icmp Allow ping ICMP traffic around the internal network


How do I get traffic back from the static address ( 10.2.1.2 ) to the LAN net ?

Thanks.

[Solved]

This required a static route to be entered on the LAN interface of the modem directing the source IP back to it's gateway address.
January 24, 2021, 03:16:35 AM #1
Sounds like you need to add a static route to the other network on the modem. The modem would be unaware of other networks unless you tell it about them.
Print
Go Up Pages1
User actions