Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
[Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix (Read 354 times)
HeneryH
Newbie
Posts: 4
Karma: 0
[Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
«
on:
November 01, 2024, 05:52:12 pm »
Total noob, Basic install went well. I see my interfaces WAN, LAN and my extra OPTx for my extra nics. WAN and LAN are working fine on the default 192.168.1.x range.
Groovy.
Now I want to connect a basic SPF switch to expand my capacity and partion off my IoT devices into a secure vlan.
Forgetting the secure vlan stuff for a moment... How do I get my devices plugged into the SPF switch to have internet access.
This is what I did so far.
My LAN is fine and is using static 192.168.1.1 and has the default DHCP service and rules configured.
Eidted the Optx interface to give it a static IP of 192.168.10.1 and replicated the DHCP and rules for OPTx. The DHCP range for SPF just used the 192.168.10.x range.
A computer connected to the switch and is getting an IP assigned of 192.168.10.10.
But... that computer cannot get to the internet.
Am I missing something silly?
«
Last Edit: November 01, 2024, 05:58:57 pm by HeneryH
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6923
Karma: 583
Re: [Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
«
Reply #1 on:
November 01, 2024, 06:03:42 pm »
Yes, a firewall rule allowing access on OPT1.
Clone the rule on LAN, change interface and source accordingly.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
HeneryH
Newbie
Posts: 4
Karma: 0
Re: [Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
«
Reply #2 on:
November 01, 2024, 06:15:57 pm »
Hmm, thought I did that and the machine on the new switch got a proper IP address but could not get to the internet.
Thank you.
I'll double check to look for mistakes. I was wondering if I missed a step.
Logged
Patrick M. Hausen
Hero Member
Posts: 6923
Karma: 583
Re: [Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
«
Reply #3 on:
November 01, 2024, 06:16:34 pm »
DHCP is permitted by automatic rules. Internet access isn't.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
HeneryH
Newbie
Posts: 4
Karma: 0
Re: [Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
«
Reply #4 on:
November 01, 2024, 07:15:36 pm »
I think I had a simple wrong setting in my rules. Copied a little too much verbatim from LAN to Opt1. I'll test once my wife isn't at the computer so she doesn't yell at me for dropping the network again :-)
Thank you.
Logged
EricPerl
Full Member
Posts: 108
Karma: 4
Re: [Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix
«
Reply #5 on:
November 02, 2024, 09:12:13 pm »
Note that simply copying the default LAN rule over will also allow devices on the OPT1 side to access devices on the LAN side (and vice versa, but that's likely fine here).
If you strictly want Internet access:
* Create an alias for your IP ranges that IoT devices should not access (or use LAN network in the following step)
* Create an OPT1 FW in rule to allow OPT1 network to access !<alias>
* Create an OPT1 FW in rule to allow OPT1 network to access port 53 (DNS) on OPT1 address.
FWIW, nothing you do on the OPT1 side should mess with your existing LAN connectivity.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
[Noob] WAN & LAN work fine. Best way to add SPF (OPT1) & switch into the mix