Topic: Migrating to opnsense (Read 2415 times)
chr (Newbie, Posts: 11, Karma: 0)
Migrating to opnsense « on: March 04, 2021, 11:52:33 pm »
I'm in the process of migrating over to opnsense. My plan is to have 2 separate networks: OPT1 for my NVR and LAN for the main network and DHCP server. I tried to capture this in a diagram - attached.
Before the cut over I just want to learn a little bit more about opnsense. The actual migration is just to connect the modem, enable the WAN interface on the opnsense FW, make LAN the 192.168.1.1 default GW and then turn the wifi router into an access point.
Everything is up and running with the latest version. Seems to be working fine except I'm not able to reach the NVR on the second network. I thought I would just be able to add a fw rule to allow LAN access to OPT1? As an example if I'm on the PC 192.168.1.118 I want to access the NVR 192.168.2.3 over ssh or http.
Am I missing something obvious? Do I need to add a route etc? Or is this just not a good scenario and I should just set it up the way it is intended? My understanding was that within the network behind the WAN interface I should just need the fw rules to OPT1 to allow LAN in. And the GW for OPT1 is auto.
I hope this makes sense. Appreciate any help or advice.
« Last Edit: March 04, 2021, 11:55:57 pm by chr »

Inxsible (Full Member, Posts: 143, Karma: 6)
Re: Migrating to opnsense « Reply #1 on: March 05, 2021, 12:53:24 am »
In the same boat!! I am into day 4 of my migration from pfSense to Opnsense. What are you migrating from?
As for your question, you can definitely access your OPT1 via your LAN as long as you set up the correct rule. I do it in reverse. I keep my NVR on the LAN itself, and the cameras & ROKU on separate VLANs. I have my IOT devices connect to my media server on the LAN, and also my CCTV (cameras) connect to my NVR on the LAN.
Here's an example of my rules for the IOT VLAN to be able to connect to my media server
So you should have 2 Allow rules on your OPT1 network:
Protocol: IPv4 TCP+UDP
Source: Single address -- 192.168.1.118
Port: any
Destination: Single address -- 192.168.2.3
Port: 22 (you can select the SSH option which will default to 22 -- but if you are using port obfuscation then put in the correct port where your SSH server listens on the NVR).
Create another for Dest Port 80 (http) or 443 (https) and you should be able to access the NVR from your PC on 192.168.1.118.
« Last Edit: March 05, 2021, 01:16:30 am by Inxsible »

chr (Newbie, Posts: 11, Karma: 0)
Re: Migrating to opnsense « Reply #2 on: March 05, 2021, 02:20:56 am »
Glad to hear I'm not the only one. I was going to start with the NVR but I also have some IOT devices that I can move once I get this figured out.
I did add the rules but for some reason I'm not able to get through from LAN. The current wifi router is a Deco M9+. As long as I have the pass in rule for OPT1 I was hoping what you are doing would be all I need to do.
I should add that I have 2 switches between the wifi router and the opnsense server. As part of this process I'm moving all the networking gear and servers to a different location so I have to run new cables. The family has no appreciation for the effort and requires no downtime...
I will start over with OPT1 and can post how the interfaces are set up and the rules. I must have done something wrong. Appreciate the reply.

Greelan (Hero Member, Posts: 1028, Karma: 72)
Re: Migrating to opnsense « Reply #3 on: March 05, 2021, 02:27:07 am »
OP: your diagram is a bit confusing as it seems to mix before and after states. Anyway, assuming OPNsense is the gateway and handling DHCP etc, then it will simply be a FW rule IN on the LAN interface with source of LAN net/LAN IPs you want to be given access, and destination of the relevant IOT IPs.
If you have the default allow to any rule on the LAN interface, that should do the work for you.
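
A small model of the rule placement discussed in Replies #1 and #3, added here as an illustration and not written by any poster in this thread or taken from OPNsense. It assumes rules are checked on the interface where a packet enters, first match wins, with a default block, and it ignores floating rules and return traffic handled by state. The /24 subnets, the second LAN host 192.168.1.50 and port 23 are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the thread's addressing. The /24 masks are an
# assumption; the posts only give host addresses.
INTERFACES = {"LAN": ip_network("192.168.1.0/24"),
              "OPT1": ip_network("192.168.2.0/24")}

def ingress_interface(src):
    """Name of the interface a packet from src arrives on."""
    for name, net in INTERFACES.items():
        if ip_address(src) in net:
            return name
    return "WAN"

def evaluate(ruleset, src, dst, port):
    """First matching rule on the ingress interface decides; no match blocks."""
    iface = ingress_interface(src)
    for rule in ruleset.get(iface, []):
        if (ip_address(src) in ip_network(rule["src"])
                and ip_address(dst) in ip_network(rule["dst"])
                and rule["port"] in ("any", port)):
            return rule["action"], iface
    return "block", iface  # implicit default deny

# The two pass rules from Reply #1 (SSH and HTTP to the NVR).
NVR_RULES = [{"action": "pass", "src": "192.168.1.118/32",
              "dst": "192.168.2.3/32", "port": p} for p in (22, 80)]
# Broad "allow LAN to any" rule of the kind mentioned in Reply #3.
LAN_ANY = [{"action": "pass", "src": "192.168.1.0/24",
            "dst": "0.0.0.0/0", "port": "any"}]

RULESETS = {
    "narrow rules on OPT1": {"OPT1": NVR_RULES},
    "narrow rules on LAN": {"LAN": NVR_RULES},
    "allow-any on LAN": {"LAN": LAN_ANY},
}

if __name__ == "__main__":
    probes = [("192.168.1.118", 22), ("192.168.1.118", 23), ("192.168.1.50", 22)]
    for label, ruleset in RULESETS.items():
        for src, port in probes:
            action, iface = evaluate(ruleset, src, "192.168.2.3", port)
            print(f"{label:22} {src}:{port} enters {iface}: {action}")
```

In this model the narrow rules on LAN let only 192.168.1.118 reach ports 22 and 80 on the NVR, while the allow-any rule lets every LAN host reach every NVR port.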

chr (Newbie, Posts: 11, Karma: 0)
Re: Migrating to opnsense « Reply #4 on: March 05, 2021, 05:45:27 am »
Yeah, sorry about that. I intended to show the dotted line being after I move the modem.
This was helpful. Changed LAN to any rule and I'm now able to ping OPT1 from the PC on LAN - progress.
Next I will check the NVR to make sure it is set up the way it should. Thanks for pointing me in the right direction!

chr (Newbie, Posts: 11, Karma: 0)
Re: Migrating to opnsense « Reply #5 on: March 09, 2021, 12:49:20 am »
I'm well underway with my migration effort. Just to add, if anyone else is doing something similar - since I'm using my current router for internet and default gw I just had to add a route for my current network to the LAN interface 192.168.1.2 and then everything just works as suggested.