Routing issue between interfaces on opnsense firewall

Started by firewall_newbie, March 12, 2025, 01:37:05 PM

Hmm, I just noticed something else:
Per #14:
Quote from: firewall_newbie on March 13, 2025, 10:46:15 AM...
src: 10.28.140.50
destination: 10.10.30.13
if1: 10.28.140.49
if2: 10.10.30.2
...

Now looking at the source interface:
Static IP: 10.28.140.49/28
Gateway: 10.28.140.50
Routes: 10.28.140.48/28 & another

I can't even describe how strange that looks compared to a WAN gateway (trying to access a machine on my private network).


March 19, 2025, 08:30:42 AM #31 Last Edit: March 19, 2025, 08:41:15 AM by firewall_newbie
It is not strange at all if you dig into the requirement.

I have a host coming in on interface 777 with a target on interface 30. The gateway on 777 was configured to use it as a PBF for a specific host, to route via the gateway connected on 777.

It is routing and firewall rules that play here, which I assume are configured correctly. The firewall should already know about source and destination. The static routes configured are less preferred w.r.t. subnet mask, where the firewall has more specific networks on it with a /24 (VLAN 30) and a /28 (VLAN 777).

So for routing, the firewall will consider both source (10.28.140.50) and destination (10.10.30.13) as directly connected and forward packets. I don't think having a gateway tied to interface 777 would impact this routing decision.
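The routing reasoning in the post above, as an added worked example (not code from the thread or from OPNsense): a longest-prefix-match lookup over a constructed table built from the thread's addresses, showing why both 10.28.140.50 and 10.10.30.13 resolve to directly connected networks and why a gateway only matters when a policy-routing rule selects it. The VLAN 30 prefix, the second static route and the WAN next hop are assumptions.

```python
import ipaddress

# Constructed routing table modelled on the addresses in this thread. Assumptions:
# VLAN 30 is 10.10.30.0/24 and VLAN 777 is 10.28.140.48/28, both directly
# connected; the thread's "another" static route is stood in by 10.200.0.0/16
# via the 10.28.140.50 gateway on VLAN 777; the WAN next hop is a placeholder.
ROUTES = [
    # (prefix, next hop or None when directly connected, origin)
    ("10.28.140.48/28", None, "connected, VLAN 777"),
    ("10.10.30.0/24", None, "connected, VLAN 30"),
    ("10.200.0.0/16", "10.28.140.50", "static, via gateway on VLAN 777"),
    ("0.0.0.0/0", "203.0.113.1", "default, WAN (placeholder)"),
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific matching prefix wins,
    regardless of table order. Returns (prefix, next_hop, origin); a
    next_hop of None means the address is on a directly connected network
    and no gateway is consulted at all."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, origin in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, origin)
    return (str(best[0]), best[1], best[2])


def both_connected(src, dst, routes=ROUTES):
    """True when source and destination both sit on connected networks, the
    case the post above describes for 10.28.140.50 -> 10.10.30.13."""
    return lookup(src, routes)[1] is None and lookup(dst, routes)[1] is None


def forwarding_decision(src, dst, policy_gateway=None, routes=ROUTES):
    """How the firewall forwards src -> dst. A firewall rule with a gateway
    set (policy-based routing) is applied before the table is consulted;
    otherwise the routing table decides. Returns (mechanism, detail)."""
    if policy_gateway is not None:
        return ("policy", policy_gateway)
    dst_prefix, dst_hop, _ = lookup(dst, routes)
    if dst_hop is None:
        return ("connected", dst_prefix)   # plain interface-to-interface forwarding
    return ("gateway", dst_hop)


if __name__ == "__main__":
    print(forwarding_decision("10.28.140.50", "10.10.30.13"))
    print(forwarding_decision("10.28.140.50", "10.200.7.9"))
    print(forwarding_decision("10.28.140.50", "10.10.30.13", policy_gateway="10.28.140.50"))
```

Reordering the table does not change the result, which is the point: only a more specific prefix, or a policy rule matching the host, would pull traffic toward the 777 gateway.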

Upstream or downstream?

The other case where I've had to define a gateway was when I temporarily reconfigured my internal OPN without NAT.
https://forum.opnsense.org/index.php?topic=45558.msg228062#msg228062
To route traffic back to it, I created a gateway on my edge OPN and manually routed the internal subnets to it.
Is 10.28.140.50 behaving as an internal router for the 10.200.0.0/16 network(s)?