Topic: Traversing 2 OPNsense to access the Internet is not working (Read 812 times)
Baliste (Newbie, Posts: 47, Karma: 7)
Traversing 2 OPNsense to access the Internet is not working
« on: February 01, 2023, 04:56:09 pm »
Hello,
I usually use OPNsense as the only firewall, and it always works great & fine.
I wanted to increase the security of some file servers and put them behind a second OPNsense with firewall rules access.
The file servers behind the second OPNsense are reachable on both LANs, but they can't access the Internet.
Internet <-> OPNsense-1 <-> Main LAN (192.168.64.0/18) <-> OPNsense-2 <-> Secured LAN for File Servers (10.0.200.0/24)
Everything is working fine on the main LAN.
From the main LAN I can access the Secured LAN with the correct rules on OPNsense-2, so it works fine for me.
From the Secured LAN I can access the DNS servers on the main LAN.
But the File Servers on the Secured LAN are unable to access the Internet; they could need it for software updates or licensing purposes. The main OPNsense should block this traffic.
This double LAN configuration is new to me...
I set a new gateway and a route on the main OPNsense-1 so it will know how to access the 10.0.200.0/24 network, but it is not enough.
I suspect the first OPNsense rejects the network traffic for the 10.0.200.0/24 network, as its network is 192.168.64.0/18.
Do you have any clues?
Thanks for your help,
Frédéric
WaffleIron (Newbie, Posts: 17, Karma: 3)
Re: Traversing 2 OPNsense to access the Internet is not working
« Reply #1 on: February 02, 2023, 02:52:29 am »
Hi Baliste,
You need to configure some routing between your boxes. You can do this easily enough with static routes.
Look at the routing table in opnsense1. Willing to bet it doesn't have 10.0.200.0/24 in it.
Opnsense2 only needs a default route/gateway pointing to the LAN IP address of opnsense1 (I assume 192.168.64.1).
Let's say opnsense2's WAN address is 192.168.64.100. In opnsense1 create a static route for 10.0.200.0/24 pointing to 192.168.64.100 and you should be good.
Make 192.168.64.100 a gateway:
  System --> Gateways --> Single
Create a route for 10.0.200.0/24 pointing to opnsense2:
  System --> Routes --> Configuration --> add new
  Network address: 10.0.200.0/24
  Gateway: 192.168.64.100
Only other thing to call out, make sure NAT is disabled on opnsense2.
May the schwartz be with you.
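
The return-path issue the reply above addresses, as an added example that is not part of the original posts: a small longest-prefix-match model of both routing tables, built from the thread's addresses. The file-server address 10.0.200.10, the "WAN-upstream" label, the link labels and the external test address 203.0.113.5 are constructed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return (network, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def next_hop(routes, dst):
    """Next hop a router with this table would pick for a packet to dst."""
    hit = lookup(routes, dst)
    return hit[1] if hit else "no route"

# Constructed tables. "WAN-upstream" stands in for the ISP gateway,
# "link#..." marks a directly connected network.
OPNSENSE1_BEFORE = [
    ("0.0.0.0/0", "WAN-upstream"),
    ("192.168.64.0/18", "link#LAN"),
]
# Same table after adding the static route described in the reply.
OPNSENSE1_AFTER = OPNSENSE1_BEFORE + [("10.0.200.0/24", "192.168.64.100")]

# opnsense2 only needs a default route to opnsense1's LAN address.
OPNSENSE2 = [
    ("0.0.0.0/0", "192.168.64.1"),
    ("192.168.64.0/18", "link#WAN"),
    ("10.0.200.0/24", "link#LAN"),
]

def check(file_server="10.0.200.10", internet_host="203.0.113.5"):
    """Trace the outbound hop on opnsense2 and the reply hop on opnsense1."""
    return {
        "outbound_from_opnsense2": next_hop(OPNSENSE2, internet_host),
        "reply_on_opnsense1_before": next_hop(OPNSENSE1_BEFORE, file_server),
        "reply_on_opnsense1_after": next_hop(OPNSENSE1_AFTER, file_server),
    }

if __name__ == "__main__":
    for step, hop in check().items():
        print(f"{step}: {hop}")
```

With NAT disabled on opnsense2, opnsense1 sees the file server's real 10.0.200.x source address, so without the static route the reply matches only the default route and is sent back out the WAN side.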