Topic: Initial setup / multiple dedicated IPs (Read 2958 times)
sgbran
Newbie
Posts: 4
Karma: 0
Initial setup / multiple dedicated IPs « on: April 13, 2021, 02:32:01 pm »
Good morning, I'm hoping someone can tell me the best way to do what I'm doing. Most of my work with OPNsense so far has been experimental; I'm trying to learn how to do all of the things. I have a full rack in a datacenter with a 10G copper drop. I have the 10G drop coming into my OPNsense machine and then my Cisco switch is connected on another interface. I have a /28 of allocated IPv4 space. Is it possible for me to have a machine connected to the switch utilize one of the dedicated internet facing IPs? I may have a misunderstanding of how 1:1 NAT works, but I am currently under the assumption I have to assign a local IP on a machine like 192.xxx and then a virtual IP on the OPNsense machine. I want the individual utilizing this machine to be able to have the dedicated IP information in their /etc/network/interfaces file and not have a "LAN" IP there. Please advise if you would be so kind, thanks!
If having a switch in front of OPNsense with the drop, and them plugged into that switch is the only way, then I understand, but I wanted the option of filtering the traffic for things like country blocks etc...
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Initial setup / multiple dedicated IPs « Reply #1 on: April 13, 2021, 02:55:30 pm »
Yes, add the WAN IP as a virtual IP and then add a 1:1 NAT to the internal machine, that's how my mail gateway and web servers work. Don't forget to add the rules!
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps. Team Rebellion Member - If we've helped you remember to applaud
sgbran
Newbie
Posts: 4
Karma: 0
Re: Initial setup / multiple dedicated IPs « Reply #2 on: April 13, 2021, 03:34:11 pm »
So you're saying with the 1:1 NAT, I should be able to set the static interface IP on the machine itself as the dedicated internet facing IP, and not have to use a 192.xxx type IP? I had read I may need another interface dedicated to that /28 to handle that traffic. If so, can that be virtual or does that have to be a third physical interface? If it can be virtual, do VLANs need to be involved?
« Last Edit: April 13, 2021, 04:23:57 pm by sgbran »
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Initial setup / multiple dedicated IPs « Reply #3 on: April 13, 2021, 04:48:48 pm »
No, it's NAT "To" the internal machine. i.e. server resides at 10.4.12.30
Like this:
You need to add the virtual IP of the WAN address you want natted.
Ignore the gateway and virtual IP password, that's my browser doing odd things and pasting them in!
« Last Edit: April 13, 2021, 04:57:16 pm by marjohn56 »
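The setup marjohn56 describes in replies #1 and #3, written out as plain pf rules (an added example, not part of the thread and not the ruleset OPNsense generates from its GUI). Only 10.4.12.30 comes from the post; the interface name, the public address 203.0.113.5, the blocked network and the game port are assumed placeholder values.

```pf
# Added illustration in FreeBSD pf.conf syntax.
# Assumed values: em0 as the WAN interface, 203.0.113.5 standing in for one
# address of the /28 (documentation range), UDP 27015 as the game port.
wan_if   = "em0"
pub_ip   = "203.0.113.5"   # placeholder; added to the WAN interface as a virtual IP
game_srv = "10.4.12.30"    # internal server address from reply #3
game_udp = "27015"         # hypothetical service port

# Constructed placeholder for a country/network block list.
table <geo_block> persist { 198.51.100.0/24 }

# 1:1 NAT: traffic to pub_ip is rewritten to game_srv on every port, and
# traffic from game_srv leaves the WAN with pub_ip as its source address.
binat on $wan_if from $game_srv to any -> $pub_ip

# binat only translates addresses; it permits nothing by itself.
block in log on $wan_if all

# Drop listed networks before any pass rule can match.
block in quick on $wan_if from <geo_block> to any

# Translation runs before filtering, so the inbound rule has to match the
# internal address, not pub_ip. Open only the service port.
pass in on $wan_if inet proto udp from any to $game_srv port $game_udp keep state
```

Because the mapping covers all ports, the filter rules are the only thing limiting what reaches the internal host, which is why the reply stresses adding them.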
sgbran
Newbie
Posts: 4
Karma: 0
Re: Initial setup / multiple dedicated IPs « Reply #4 on: April 13, 2021, 04:57:30 pm »
Yeah but that's assigning a private IP to the host machine. I want the host machine to use the public IP locally. It's for game servers, so it's important it knows that it's a public machine and not a private one. But I'd like to be able to filter the traffic too in the firewall.
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Initial setup / multiple dedicated IPs « Reply #5 on: April 13, 2021, 04:59:57 pm »
Well you might be able to, but I can't help you with that. The normal way is to NAT.
sgbran
Newbie
Posts: 4
Karma: 0
Re: Initial setup / multiple dedicated IPs « Reply #6 on: April 13, 2021, 05:09:26 pm »
I have it functioning with a transparent bridge presently, but it complicates things to say the least.
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Initial setup / multiple dedicated IPs « Reply #7 on: April 13, 2021, 06:38:14 pm »
This can be done without NAT and without having to fall back on a transparent filtering bridge, but the exact configuration depends on the configuration of the upstream router. Do you have a dedicated WAN address which the /28 is routed to? Or does the upstream router expect the /28 to be on-link? And is the upstream router's IP address within the /28?
Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).