Routing between interfaces

Started by Blade3, March 12, 2022, 08:03:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 12, 2022, 08:03:17 PM
Hi guys,
I have setup OPNSense on vmware as my firewall/gateway, between two networks:

-LAN - 10.0.0.0/8
- DMZ - 192.168.0.0/24

This works fine, however, and this is probably easy and very fundamental. I want to route traffic from the DMZ to the LAN, for certain applications. For example, an app on the DMZ web servers needs to report back to a server in the LAN, ie a deployment server, etc.

How can I setup routing on OPNSense to fulfil this?
March 12, 2022, 08:46:06 PM #1
OPNsense does route between all interfaces by default. What you need is a firewall rule to permit the traffic to pass.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 27, 2022, 09:16:23 PM #2
Hi,
as a OPNSense newbie,
can you post an example ?

my IF
LAN: 192.168.168.0
IPCam: 192.168.0.0

Now i want to access the IPCam Net from the LAN Net


regards,
Jürgen
July 27, 2022, 10:04:19 PM #3
Should be working already. The default installation has got an "allow all" rule for LAN. Devices on LAN can access everything including your camera network.

You need to set up DHCP for the camera network, otherwise the camera(s) probably won't get an address and a default gateway.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 28, 2022, 11:44:15 AM #4
Hi,
the internal routing works, but I can't access the Internet.

my Configuration

Fritzbox: IP 192.168.1.1/24
OPNSense:
WAN Interface 192.168.1.2/24
LAN Interface 192.168.168.112/24  dhcp for clients ON
OPT1 Interface(IPCam) 192.168.0.1/24  dhcp for clients ON

Internal routing between LAN<-> OPT1 OK

Outgoing LAN -> WAN -> FB doesn't work

Settings:
Disable outbound NAT rule generation - (outbound NAT is disabled)

FIREWALL: RULES: WAN
Action Direction      Protocol   Source   Port   Destination   Port   Gateway   Schedule   Description       
Pass      in          IPv4       *      *      *         *      *      *         *   

SYSTEM: GATEWAYS: SINGLE
   Name   Interface   Protocol   Priority   Gateway   Monitor IP   RTT   RTTd   Loss   Status   Description   
      WAN_Gateway (active)   WAN   IPv4   20 (upstream)   192.168.1.1      ~   ~   ~   Online   Interface WAN_Gateway

July 28, 2022, 12:08:13 PM #5
If you disable outbound NAT your Fritzbox needs two static routes:

Network: 192.168.168.0
Netmask: 255.255.255.0
Gateway: 192.168.1.2

Network: 192.168.0.0
Netmask: 255.255.255.0
Gateway: 192.168.1.2

if you do not control your Fritzbox because it belongs to your provider or some such, you must NAT.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 28, 2022, 01:58:52 PM #6
Hi,
thanks for the resolution. Now it works.

regards

Jürgen
Print
Go Up Pages1
User actions