Routing WLAN_Clients (private IP) through WAN to Opnsense Subnet

Started by Horst, April 11, 2022, 10:30:59 AM

Question to the professionals - unfortunately I can't do it and would ask for help

Initial situation: Router Fritzbox 7590 with ADSL
                   (Wlan + Lan 192.168.1.0/24)
                   

Opnsense uses the Fritzbox with the IP 192.168.1.82 as gateway to the Internet
                                     IP 192.168.0.0/24 is the internal LAN behind Opnsense

In the meantime, everything works perfectly in our office in the LAN, but there would have to be 3 notebooks which are in the WLAN
( IP 192.168.1.200 / 192.168.201 ... ) route - NAT - forward ?? to internal LAN PC

It would be ideal to pass the WLAN clients completely through to the entire LAN.

alternative

SMB(445) & NFS(2609) to 192.168.0.100


192.168.1.200  ----- >  Opnsense 192.168.1.82   >>> to 192.168.0.100
192.168.1.201  ------>
192.168.1.202  ------>

After hours of failure - I ask for help or a tip or example

Thank you thank you
horst

Hi to all

I think I have a mistake in my reasoning or I misunderstood something. I can't (a few hours today) ping a client from the subnet or get access.

I only want 3
192.168.1.200  ----- >  Opnsense 192.168.1.82   >>> to 192.168.0.100
192.168.1.201  ------>
192.168.1.202  ------>

It can't be so difficult.

No professional, but I can try....

So your internet infra is like:

internet <- adsl box + wireless <- opnsense <- lan

You now seem to have a 192.168.1.0/24 and 192.168.0.0/24 subnet.
1 at the ADSL box and 1 at the OPNsense box.


Why this strange setup? (double NAT).
The Opnsense WAN is assigned 192.168.1.82? This seems selected by DHCP. Normally you would set it static to .2 or something.

First of all I would recommend making a choice:
* Remove the Fritzbox completely. Make OPNsense the edge router/firewall. Connect the LAN port to a switch. Buy a WIFI AP and connect it to the switch. If you want to put the WIFI clients on another subnet, a VLAN-aware switch is recommended.
* If the Fritzbox is an ADSL modem and really needed then try to enable "bridge" mode. So this will disable the routing part. OPNsense WAN should get a real "internet" IP.


PS: if this is a company with private documents maybe you should consider hiring a professional. Should WIFI clients (guest) be able to connect to everything on the LAN?!

This guy also explained some things: https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/

Hi EdwinKM

Thanks for your answer and your help.
My problem is, I have a second FW - Kerio on the same router. In the Kerio FW this is much easier to solve than in the Opnsense.
But in the meantime I have already found a solution that allows the 3 clients to come into the sub-LAN via NFS. (Why easy when there is a complicated way!)

Sure, it is fine if you want to learn for a home setup. Network professionals for companies will know when multiple routers are needed. (I am a home tinkerer myself.)

But even for a small company I would:
* Wifi guests on a separate (VLAN) subnet
* Employees with wifi using RADIUS (EAP-TLS). Certificate per person
* Lawrence on YouTube has many informative videos about pfSense. The concepts and things are quite similar with OPNsense.