[SOLVED] Routing between two interfaces

Started by janfoo, June 21, 2023, 09:19:12 PM

June 21, 2023, 09:19:12 PM Last Edit: June 26, 2023, 06:49:29 PM by janfoo
Hi all,

I'm new to OPNsense and tried my best to search the forum and the Internet. If I missed something or used the wrong search terms, kindly push me in the right direction so that I can improve my Google-fu.

I'm planning to have a management network from which I can administrate my OPNsense box as well as some other network equipment. I've dedicated an interface for that purpose with the interface IP 172.17.19.1/24. For that interface, I have a DHCP server configured that assigns IP addresses to systems connected to that interface. I can ping the interface and access OPNsense's web interface.

A second interface (I don't have a switch) is dedicated to the other network equipment. The interface IP is 172.17.23.1/24. There is no DHCP server configured; the network equipment has a static IP address assigned. I can ping the interface IP but I cannot reach the host. When I perform a traceroute, the packet is sent to the WAN interface and from there to the Internet, which is obviously wrong.

From what I've read, I don't need to (or even shouldn't) configure routes. How do I convince my OPNsense box to forward packets with a destination IP 172.17.23.1/24 received on the management network interface to the other interface?
In my desperation, I even configured an "any, any, allow" rule on the management network.

Thanks in advance,
Jan

You could make a firewall rule for this, but I imagine what you want to do instead is in System > Administration > Settings; there, in Listen Interfaces, choose both.
What this does is bind httpd to both interfaces. I imagine with auto and hybrid rules, one will be created automatically, but I'm not actually sure.

Quote from: cookiemonster on June 21, 2023, 10:37:25 PM
You could make a firewall rule for this, but I imagine what you want to do instead is in System > Administration > Settings; there, in Listen Interfaces, choose both.
What this does is bind httpd to both interfaces. I imagine with auto and hybrid rules, one will be created automatically, but I'm not actually sure.

Last time I tried it, I think it should add the interface to the auto rule. But I don't believe that this is his problem. The problem is that he cannot route across the subnet/subnets.

Quote from: janfoo on June 21, 2023, 09:19:12 PM
Hi all,

I'm new to OPNsense and tried my best to search the forum and the Internet. If I missed something or used the wrong search terms, kindly push me in the right direction so that I can improve my Google-fu.

I'm planning to have a management network from which I can administrate my OPNsense box as well as some other network equipment. I've dedicated an interface for that purpose with the interface IP 172.17.19.1/24. For that interface, I have a DHCP server configured that assigns IP addresses to systems connected to that interface. I can ping the interface and access OPNsense's web interface.

A second interface (I don't have a switch) is dedicated to the other network equipment. The interface IP is 172.17.23.1/24. There is no DHCP server configured; the network equipment has a static IP address assigned. I can ping the interface IP but I cannot reach the host. When I perform a traceroute, the packet is sent to the WAN interface and from there to the Internet, which is obviously wrong.

From what I've read, I don't need to (or even shouldn't) configure routes. How do I convince my OPNsense box to forward packets with a destination IP 172.17.23.1/24 received on the management network interface to the other interface?
In my desperation, I even configured an "any, any, allow" rule on the management network.

Thanks in advance,
Jan

So basically what you want to do here is reach other hosts from a host (or IP) in the management subnet?

Also what is your management network?

Because from the way you explained it, it sounds to me like you have two: a DHCP-based one and a static-based one.

Can you tell what is the source IP and Destination IP you try to access?
Can you show the trace outputs?
Can you show the rule configurations?

Because it's weird that when you do a trace you see a path towards the Internet. You are correct that you don't need a route for this: as long as the HOST you are using wants to reach a different IP network, it only needs to know its GW. As long as your GW has all the necessary routes installed in its uRIB, you should be able to reach your desired destination.

Can you show your routing table?
Are you configuring your Rules with RPL?


Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Thank you both for replying. Your answers helped me to look closer, and of course the error was in front of the keyboard. I made three mistakes. (At least that's what I'm thinking, since I made lots of configuration changes so it was hard to track them all...)

1. The routing towards the Internet was caused by a misconfiguration of my old equipment. (I'm setting up my new OPNsense behind my old setup so that I can learn how things work, and once I'm ready, I'll tear down my old setup.)

2. My second interface had a /32 net and not /24 as I intended.

3. I tried to ping interfaces without an Ethernet cable connected to them. Therefore the port was down, and it seems you cannot ping the interface IP of a port that is down. That led to some assumptions on my side that were wrong.

So in summary, it works as intended without any routes.
Thanks again for your replies, which helped me to see through the mess I'd created.

Cheers,
Jan
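
Added example (not from the thread or from OPNsense itself): a small Python model of the routing decision a router makes from its directly connected networks, using constructed interface configs that mirror the thread. It shows why the accidental /32 on the second interface sends a packet for 172.17.23.10 to the default (WAN) route, why the intended /24 fixes it without any static route, and includes an audit that flags host-only masks on interfaces; the interface names `mgmt`, `opt2` and `wan` are assumed.

```python
import ipaddress

# Constructed configs mirroring the thread: management interface on
# 172.17.19.1/24 and the second interface as misconfigured (/32) vs. intended (/24).
BROKEN = {"mgmt": "172.17.19.1/24", "opt2": "172.17.23.1/32"}
FIXED = {"mgmt": "172.17.19.1/24", "opt2": "172.17.23.1/24"}


def connected_routes(interfaces):
    """Directly connected routes a router derives from its interface addresses.

    These are the routes OPNsense installs automatically; no static route
    is needed for a subnet that is configured on one of its own interfaces.
    """
    return [(ipaddress.ip_interface(addr).network, name)
            for name, addr in interfaces.items()]


def next_hop(dst, interfaces, default_iface="wan"):
    """Longest-prefix match: return the interface name of the most specific
    connected route covering dst, or the default route's interface."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, name in connected_routes(interfaces):
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else default_iface


def audit_masks(interfaces):
    """Flag interfaces whose mask is host-only (/32 for IPv4, /128 for IPv6):
    such an interface covers only its own address, so every other host on
    that link falls through to the default route."""
    flagged = []
    for name, addr in interfaces.items():
        net = ipaddress.ip_interface(addr).network
        if net.prefixlen == net.max_prefixlen:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "172.17.23.10 ->", next_hop("172.17.23.10", cfg),
              "| host-only masks:", audit_masks(cfg))
```

Run stand-alone it prints `wan` for the broken config and `opt2` for the fixed one, matching the traceroute behaviour described in the thread.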

Great!

Happy to hear our joined nabbing helped you to solve the problem.

Overall, reading your points, yes, what you describe definitely caused the problems you were seeing. And you are correct on the point that if an interface is down on a device, you cannot ping it from the device itself. In order to be able to locally ping an interface (meaning from the same device), it needs to be UP.

P.S. Please flag the topic as [Solved].

Regards,
S.

Thanks for the reminder. Hope I did it correctly.  :)