Topic: VLAN routing (Read 788 times)
orsomannaro (Newbie, Posts: 10, Karma: 0)
on: February 01, 2023, 09:59:11 am
In my DMZ I have a VPS running a mail-server and I want to reach its webmail interface even through a VLAN subnet.
So, on OPNsense I created the "vSrvDMZ" VLAN with DMZ as "Parent", and on the VPS I added a NIC attached to it.
OPNsense Live View shows me that when I try to connect to webmail from LAN using the IP address of the VLAN interface, the network traffic successfully reaches the mail server through the VLAN interface but comes back through the DMZ interface, correctly using the default gateway of the VPS.
I'm in doubt as to what is the correct way to handle this thing. Natting traffic on OPNSense? Or is it possible to configure the NIC of the VPS to forward traffic from the VLAN through the same VLAN?
Thanks for any help.
WaffleIron (Newbie, Posts: 17, Karma: 3)
Re: VLAN routing, Reply #1 on: February 02, 2023, 03:15:20 am
Hi orso,
It's difficult to picture what your problem is; it sounds like traffic is flowing the way it should. If you can provide screenshots, that would be helpful.
I'm envisioning a setup similar to the attached image on the left. If you are just trying to have your LAN devices access the VPS on TCP/25 (or whatever), all you need is a firewall rule on the LAN and you are done, so long as the VPS has OPNsense set up as its default gateway.
If you are trying to allow internet access to the VPS on TCP/25, it's a little more complex but easy enough. Create a NAT/port forward rule for any traffic hitting your WAN interface on TCP/25 and redirect it to 10.2.2.2. (Attached on right.) You also need to create a WAN firewall rule allowing Any to 10.2.2.2 on TCP/25.
If you are just trying to get VPS internet access (or general network connectivity), you need to make sure the VPS has its default gateway set to the OPNsense IP for your DMZ zone, proper rules are created on the DMZ zone, and your outbound NAT statement includes the VPS subnet in the source (attached on bottom right).
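
The return-path behaviour described in the first post, modelled as an added example that is not part of either post: a multi-homed host picks the reply's egress interface from the destination address, so a request that arrived on the VLAN NIC is answered through the default gateway on the DMZ NIC unless a source-based rule overrides the lookup. All addresses, interface names and the per-source table are constructed assumptions, not values from the thread or an OPNsense configuration.

```python
import ipaddress

# Constructed addressing: none of these values come from the thread.
LAN_CLIENT = ipaddress.ip_address("192.168.1.50")
VPS_DMZ_IP = ipaddress.ip_address("10.2.2.2")
VPS_VLAN_IP = ipaddress.ip_address("10.2.20.2")

# Main routing table of the VPS: (destination network, egress interface).
MAIN_TABLE = [
    (ipaddress.ip_network("10.2.2.0/24"), "dmz0"),
    (ipaddress.ip_network("10.2.20.0/24"), "vlan0"),
    (ipaddress.ip_network("0.0.0.0/0"), "dmz0"),  # default gateway on the DMZ
]

# Hypothetical per-source table: replies sourced from the VLAN address
# use a default route out of the VLAN interface.
VLAN_TABLE = [(ipaddress.ip_network("0.0.0.0/0"), "vlan0")]
POLICY_RULES = [(ipaddress.ip_network("10.2.20.2/32"), VLAN_TABLE)]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [(net, ifc) for net, ifc in table if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_interface(reply_src, reply_dst, policy_rules=()):
    """Egress interface for a reply; source rules are checked before the main table."""
    for src_net, table in policy_rules:
        if reply_src in src_net:
            return lookup(table, reply_dst)
    return lookup(MAIN_TABLE, reply_dst)


def is_asymmetric(ingress_ifc, reply_src, reply_dst, policy_rules=()):
    """True when the reply leaves on a different interface than the request arrived on."""
    return reply_interface(reply_src, reply_dst, policy_rules) != ingress_ifc


if __name__ == "__main__":
    # Request arrived on vlan0 for the VLAN address; the reply goes back to the LAN client.
    print("destination-only routing:", reply_interface(VPS_VLAN_IP, LAN_CLIENT))
    print("with source rule:", reply_interface(VPS_VLAN_IP, LAN_CLIENT, POLICY_RULES))
```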