Converting from Cisco FPR1010 to OPNSense.

[fbeye]

Hello, I love my Cisco and have no issues with it but I like to explore and was curious about something.

Currently my DSL Router is in BRIDGE mode and my Cisco FPR does the PPPoE. I do have a Block of 8 static IP's (6 usable). My FPR1010 grabs the default IP x.x.x.182 which leaves x.x.x.177 to x.x.x.181.
Currently I have STATIC NAT's;

x.x.x.177 255.255.255.0 192.168.5.55
x.x.x.178 255.255.255.0 192.168.5.56
x.x.x.179 255.255.255.0 192.168.5.57
x.x.x.180 255.255.255.0 192.168.5.58
x.x.x.181 255.255.255.0 192.168.5.59

So naturally any host on the LAN that has those IP's have their specific WAN IP. Works fine
I also then of course of ACL's/firewall to allow ports on those hosts.

I will say that the Subnet/DHCP Server on the Cisco is 192.168.1.0. So, GE1/2 (192.168.1.1 (FPR)) connects to a L3 Cisco Switch. On the Switch, GE 1/1 is 192.168.1.2. I then have a PBR on the switch and a subnet 192.168.5.0. So, 192.168.5.0 has access to the Internet via GE 1/1 (192.168.1.2) which leads back to the Cisco FPR. Also, the FPR does have a route '192.168.5.0 255.255.255.0 192.168.1.1'.
Everything works as I want it.
I have a FPR subnet going to a different Subnet on the Switch because I do want my 192.168.1.0 (other IP's on that subnet) not part of the 192.168.5.0 subnet. I have various reasons why, thugh maybe not all legit..

Anywho; Is this same set up doable in OPNSense?
I COULD simplify it and just make the OPNsense LAN subnet 192.168.5.0 just to eliminate more code, but I'd rather have it this way.

[mimugmail]

Yes it is,  for testing you can put WAN of OPN in 192.168.1 and spin up 192.168.6 behind it so you can run both parallel and test

[fbeye]

Hello!

I think I understand your meaning, but then I get confused thinking about it.
You mentioned 192.168.1.x for WAN, let us say 192.168.1.3. You mention create a new LAN 192.168.6.X. Are you suggesting I act like my WAN is an actual outside IP and the LAN is simply a new LAN, and I can create NAT to test? I guess I am lost as to how I would, if the Cisco FPR1010 is still in front of it. I apologize for my ignorance and I may be over complicating this.

Thank you!

[fbeye]

Alright so apparently I have failed.

1.) I set my WAN to PPPoE and I see it grabbed correct IP and DNS
2.) I made Virtual IP’s for the remaining 5 Usable IP’s (6th is WAN/Main IP)
3.) My LAN is 192.168.1.0
4.) I made an Alias Network 192.168.5.0/24 Network
5.) I made a static route ‘192.168.5.0/24 192.168.1.2’ (not being verbatim here)
6.) I made 5 1:1 NAT from each WAN to its respective LAN (Outside In)

I made NO entires for DNS beyond the dashboard page showing it grabbed the ISP DNS
I made NO entries for Forewall Rules on inside or outside. Unless there was a default “allow in to out”, I made none.
I made NO entries for NAT Inside to Out.

The point of my static route is that I have a Switch on the LAN side that hosts 192.168.5.0 Network, but the Opnsense LAN is 192.168.1.0 so I made the static route and on the Switch I have a PBR for 5.0 Network to access internet via 192.168.1.2 which leads back to Opnsense.

None of my Hosts can connect to the Internet. Can’t even ping outside my Internet. I’m going solely based on my Cisco knowledge here; I only had to make 1 static NAT, and it created reverse NAT as well.
Am I NEEDING to make “outbound” NAT as well as Firewall Rules to access the net? Do I NEED to set up DNS beyond the PPPoE grabbing my ISP name servers? Or is my config just wrong?
Please help!!!

[lilsense]

I think that you require a networking knowledge, sorry to be a bit blunt here... OPNsense can do everything FRR does and more...

When creating a network, you need to create a DHCP/DNS info on it. If you are planning on using a 1:1 NAT, then you would need to associate that with the network. But you should not forget that you only have one IP for your WAN, so you'd need to set up routes to send the traffic to the WAN.

[fbeye]

Trust me, I am fine with being told what’s what.
I have 1:1 NAT because aside from the 1 WAN IP I have 5 Servers running that require such, such as email servers on each of the hosts with their own domains etc.
Apparently I was indeed spoiled with the Cisco FPR cause really all I mentioned I did prior, was all
I did on Cisco and it worked. With that said, Cisco has more faults than not which is why I looked hard for a replacement and found OPN. When I set it up for fun solo, not worrying about the Block of IP’s I had internet etc, I think I messed something up with the configurations.
I guess what threw me off was, even the Host I was on that simply uses the OPN WAN IP didn’t access the Internet I kind of shrunk in my head.
What I will do is connect a host to the OPN default (192.168.1.0) Network and see if I have access. If I do then I messed up my NAT (s) with everything on the SG500X Cisco Switch using the 192.168.5.0 Network.
Yeah, I know I am jumping into some intense stuff and I agree I need More knowledge and I am watching YouTube videos and google searching like a crazy person!

[lilsense]

you may want to post a screenshot of one your 1:1 NAT's which may or maynot be setup the rite way!

[fbeye]

I apologize for the delay, I got your response at bedtime and off to work. I’ll show you pics of each screen just to play it safe, that I messed with. Thank you!

[fbeye]

Here are 2 replies with screenshots of all I have done.

thank you for your assisting me, I am eager to learn this stuff.

[fbeye]

2

[fbeye]

3

[fbeye]

4

[fbeye]

5

[fbeye]

6

[fbeye]

7