OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • [Solved] Multiple Subnets Behind L3 switch
« previous next »
  • Print
Pages: [1]

Author Topic: [Solved] Multiple Subnets Behind L3 switch  (Read 2408 times)

devrandom

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
[Solved] Multiple Subnets Behind L3 switch
« on: April 30, 2021, 04:45:28 pm »
I am having issues getting my Subnets (behind a L3 switch) to be able to connect to the internet. I am reasonably sure my switch configuration is good as I've had this exact topology working with my Unifi Security Gateway (what I'm trying to replace) as well as a SonicWall and OpenBSD before that. I've attached a diagram of my topology.

My setup:

OPNsense LAN: 10.1.0.0/24
OPNsense LAN IP: 10.1.0.1
L3 Switch LAN IP: 10.1.0.254
Workstations Subnet: 10.1.1.0/24
Servers Subnet: 10.1.2.0/24
Wireless Subnet: 10.1.3.0/24

What works:
- All subnets can ping each other and ping the OPNsense LAN IP (10.1.0.1)
- Any devices on the OPNsense LAN (10.1.0.0/24) and ping the other subnets behind the L3 switch and ping addresses on the internet.

What doesn't work:
- None of the subnets behind the L3 switch can ping the internet

What I've done:
- Created a gateway to the L3 switch.
- Created static routes for the subnets
- Tried creating firewall rules to allow the subnets through the firewall
- Tried disabling Static Route Filtering

Logs:
- When I try to ping external addresses from the subnets behind the L3 switch, I don't see any corresponding log entries. This makes me think it's a routing or NAT issue even though all those subnets can ping the LAN IP of OPNsense.

The only other thing I haven't tried (after reading another post on VPN) that I will when I get home is creating creating an Outbound NAT rule.

I'm at work and will have to wait until I get home to try this.

But I'm curious if anyone else has any suggestions for things I might be missing.

« Last Edit: May 02, 2021, 03:07:58 am by devrandom »
Logged

Giant850

  • Newbie
  • *
  • Posts: 26
  • Karma: 0
    • View Profile
Re: Multiple Subnets Behind L3 switch
« Reply #1 on: April 30, 2021, 06:35:48 pm »
I have a similar setup, with a layer3 Mikrotik router on the LAN side of my home network. In order to get those subnets internet access I:

-Created a Firewall alias for the lab network
-Added an outbound NAT rule for the lab network alias to allow WAN access

After I did that, the lab network VMs could route to and from the internet.

Logged

devrandom

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Re: Multiple Subnets Behind L3 switch
« Reply #2 on: May 02, 2021, 03:07:19 am »
Thank you very much!

That was exactly what I needed to do and everything is humming along happily now.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • [Solved] Multiple Subnets Behind L3 switch
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2