Network Discovery across lan ports

Started by lmnsour, November 20, 2022, 08:34:09 PM

Hi, I have a 6 port firewall PC. How do I configure OPNsense to allow PCs on separate LAN ports to discover each other in Windows Network?

Would I need to bridge all the LAN ports together?

I'm still new at this and would appreciate any help. Attached is my network map. The issue is my laptop can see all the other devices connected through the wifi access point, but I can't see any device connected through a different LAN port on the OPNsense firewall PC.

I just added the OMV NAS and I'm trying to share the drive across all the ports.  Thanks.

If you do not want to isolate your PCs from each other but simply have a "flat" network, then yes, a LAN bridge is the way to go. Don't expect too much performance-wise, though. OPNsense is not a switch and you might be better off getting a cheap but reliable gigabit switch and only connect one OPNsense LAN port.

The LAN bridge is documented here:
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: pmhausen on November 21, 2022, 05:00:37 PM
If you do not want to isolate your PCs from each other but simply have a "flat" network, then yes, a LAN bridge is the way to go. Don't expect too much performance-wise, though. OPNsense is not a switch and you might be better off getting a cheap but reliable gigabit switch and only connect one OPNsense LAN port.

The LAN bridge is documented here:
https://docs.opnsense.org/manual/how-tos/lan_bridge.html

Ahh, thanks! I'm trying to keep it to the firewall 2.5Gbps ports (both PC and NAS are 2.5).

I'll see if I can snag a cheap 2.5Gbps port this Black Friday. If not, I'll give my hand at bridging the ports. It's an i7 1165G7 so it's not a slow PC as far as firewall standards go.


Quote from: lmnsour on November 21, 2022, 05:56:06 PM
Quote from: pmhausen on November 21, 2022, 05:00:37 PM
If you do not want to isolate your PCs from each other but simply have a "flat" network, then yes, a LAN bridge is the way to go. Don't expect too much performance-wise, though. OPNsense is not a switch and you might be better off getting a cheap but reliable gigabit switch and only connect one OPNsense LAN port.

The LAN bridge is documented here:
https://docs.opnsense.org/manual/how-tos/lan_bridge.html

Ahh, thanks! I'm trying to keep it to the firewall 2.5Gbps ports (both PC and NAS are 2.5).

I'll see if I can snag a cheap 2.5Gbps port this Black Friday. If not, I'll give my hand at bridging the ports. It's an i7 1165G7 so it's not a slow PC as far as firewall standards go.
Will the MDNS plug-in work?

mDNS didn't work and UDP Broadcast Relay didn't work (port 445). I'd really like to avoid purchasing a $120 switch.

Just create a LAN bridge then, following the documentation.

Quote from: pmhausen on November 22, 2022, 09:37:54 AM
Just create a LAN bridge then, following the documentation.

I'll look it over tonight. That will be plan B, but I'd like to try UDP Broadcast Relay a little more. Plan C would be a switch.

November 22, 2022, 08:55:47 PM #10 Last Edit: November 22, 2022, 08:58:27 PM by lmnsour
Ok, I'm reading through a lot of things and my eyes are crossing. It's hard to read "tutorials" for OPNsense when they assume you have an advanced working knowledge of what you're doing.

Option A (UDP Broadcast)

This looks like the best option (and easiest - I don't want to give up on this yet) as I can keep my traffic shaping / Zenarmor policies. Once enabled, are there other policies / firewall rules that I need to set to make it work?

Option B (LAN bridge): I need to create a bridge for LAN port 1, 2, and 3.

Once I set up the bridge, how do I set up QoS / traffic shaping to prioritize LAN port 2 (PC) first, followed by LAN port 3 (OMV NAS), and lastly LAN port 1 (wifi access point)?

I have two separate Zenarmor policies for LAN ports 1 and 2. When I make a bridge, will these policies still be valid or will I have to reconfigure?


Option C (Network Switch): Similar issues: how do I set up QoS and Zenarmor policies?



Is there an OPNsense Discord where I can talk through some of these concerns?

Thanks again for the help!

If you set up the LAN bridge the devices will be able to communicate with each other as if they were connected with a switch. The OPNsense does not have any say in that part of the communication.

As soon as any device communicates with something that is on another interface (WAN probably) of the OPNsense you can of course apply QoS, Zenarmor, etc. based on the device's IP address or MAC address. You cannot set up a policy per port because you have only one LAN "port" (the bridge).

But that's how it's supposed to work.

Quote from: pmhausen on November 22, 2022, 09:53:09 PM
If you set up the LAN bridge the devices will be able to communicate with each other as if they were connected with a switch. The OPNsense does not have any say in that part of the communication.

As soon as any device communicates with something that is on another interface (WAN probably) of the OPNsense you can of course apply QoS, Zenarmor, etc. based on the device's IP address or MAC address. You cannot set up a policy per port because you have only one LAN "port" (the bridge).

But that's how it's supposed to work.
Zenarmor is easy enough to configure based on MAC. It's pretty user friendly. OPNsense is not. Even their tutorial does not show how to configure QoS via MAC / IP. I'll look it over when I get home tonight.

I'm still stumped on the UDP Broadcast Relay and why that's not working. Everywhere I've read says that it's just enable and go. I'll post a screenshot of how I have it enabled tonight.

Do you have "permit all in" rules on all your LAN ports? If yes, what's the point of not using a LAN bridge? If no, you need to explicitly permit all traffic you want to relay via UDP Broadcast Relay. Simply enabling the function does not change the firewall rules.
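As an added illustration (not code from this thread, from OPNsense or from udpbroadcastrelay), a small model of which datagrams UDP Broadcast Relay can re-emit onto the other LAN segments: UDP broadcasts and multicast discovery probes on a configured port, with broadcasts rewritten to each egress segment's own broadcast address. The segment addressing, sample packets and relay port list are constructed assumptions; the model also shows why a relay configured for port 445 has nothing to forward, since SMB on 445 is unicast TCP rather than a UDP broadcast.

```python
import ipaddress
from dataclasses import dataclass

# Assumed LAN segments (constructed addressing for the three-port setup).
LAN_SEGMENTS = {
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),  # wifi access point
    "LAN2": ipaddress.ip_network("192.168.2.0/24"),  # PC
    "LAN3": ipaddress.ip_network("192.168.3.0/24"),  # OMV NAS
}
# Ports assumed to be configured in the relay (one relay instance per port).
RELAY_PORTS = {137, 3702, 5353}
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

@dataclass(frozen=True)
class Packet:
    ingress: str  # interface the datagram arrived on
    proto: str    # "udp" or "tcp"
    src: str
    dst: str
    dport: int

def relay_targets(pkt: Packet) -> dict[str, str]:
    """Return {egress_interface: destination} for the copies the relay emits.

    An empty dict means the relay cannot help: TCP, a unicast destination,
    or a port no relay instance listens on.
    """
    if pkt.proto != "udp" or pkt.dport not in RELAY_PORTS:
        return {}
    dst = ipaddress.ip_address(pkt.dst)
    is_bcast = dst in (LAN_SEGMENTS[pkt.ingress].broadcast_address, LIMITED_BCAST)
    if not (is_bcast or dst.is_multicast):
        return {}
    # Broadcasts are rewritten to each egress segment's own broadcast address;
    # multicast groups (mDNS, WS-Discovery) keep their group address.
    return {name: str(net.broadcast_address) if is_bcast else pkt.dst
            for name, net in LAN_SEGMENTS.items() if name != pkt.ingress}

# Constructed sample traffic originating on the PC segment.
SAMPLES = [
    Packet("LAN2", "udp", "192.168.2.10", "192.168.2.255", 137),     # NetBIOS name query
    Packet("LAN2", "udp", "192.168.2.10", "239.255.255.250", 3702),  # WS-Discovery probe
    Packet("LAN2", "tcp", "192.168.2.10", "192.168.3.20", 445),      # SMB session to the NAS
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.dport, p.proto, relay_targets(p) or "not relayed")
```

The firewall rules are a separate gate: the relay only ever sees a broadcast that a pass rule on the ingress interface has already admitted.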

Quote from: pmhausen on November 22, 2022, 10:35:39 PM
Do you have "permit all in" rules on all your LAN ports? If yes, what's the point of not using a LAN bridge? If no, you need to explicitly permit all traffic you want to relay via UDP Broadcast Relay. Simply enabling the function does not change the firewall rules.

Yes, I have the permit all rule for all ports. No other firewall rules for the LAN ports.

I'm not against a LAN bridge, I just want to try the UDP Broadcast Relay first.

I don't know how to configure QoS via MAC (yet, I'm looking) and I'd rather not load the CPU unnecessarily. But yes, if I can't get the UDP Broadcast Relay to work, I'll go ahead and bridge the ports.