OPNSense with inline broadband router

Started by signup@mattstanding.co.uk, October 09, 2025, 12:41:15 PM

Hi Forum,

I've just built my first OPNSense appliance and need some pointers on a very basic setup. I'm chained (due to rural infrastructure) to a BT Broadband HomeHub (192.168.1.0/24 - LAN), and I'd like my Proxmox VMs (192.168.2.x/24) to be able to get out to the internet using a different VLAN. Am I correct that I would need to configure the following on the OPNSense appliance:

- WAN Port: Set IP address to 192.168.1.x/24, allow private networks
- LAN Port: Set IP address to 192.168.2.x/24
- Add a gateway address for the LAN IP of the broadband router?

Would I need to do anything else?

Thanks all for your help and suggestions in advance!
Matt

October 09, 2025, 12:51:28 PM #1 Last Edit: October 09, 2025, 12:53:47 PM by meyergru
That depends on how you want your LAN network to be addressed from the ISP router. It does not know about 192.168.2.0/24 and thus will not route anything back there, unless you either: a) create a route over your OpnSense WAN iff your ISP router can do that or b) use NAT on OpnSense to hide all of 192.168.2.0/24 behind OpnSense's WAN interface IP (which is known to your ISP router).

Generally, router-behind-router scenarios are discouraged, because they create several problems (like with port-forwarding, accessing services like Wireguard and others).
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Also, you need a managed switch to use VLANs. The trunk with all tagged traffic goes from that on the switch to an OPN interface. On OPN you define your VLANs. And yes, the WAN interface of OPN will have a 192.168.x.x address in this setup.
If when you say VLAN you mean a separate network on a separate interface on your OPN appliance other than the LAN, then you're pretty much correct in that your Proxmox interface will need to connect to that port on OPN.
This should help https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/
Edit: writing at the same time as meyergru who was more succinct.

Thanks both, good points!

Have a managed switch and have a fairly mature homelab. Previously I used the same VLAN as my "home" network traffic to get out to the internet. I've already tried adding routes to the BT router but it doesn't allow me to add routes for network addresses not assigned to its own LAN port.

I'm not particularly fussed about the double NAT issues as I am not hosting any internal services that will require port forwarding. Is NAT (as suggested in option 2 of meyergru's post) something that needs to be explicitly configured on OPNSense? I thought it was enabled by default.

I'll review the link in your post too, cookiemonster. Thank you both!

I did not notice the Proxmox part... do you want to run OpnSense as a VM under Proxmox? In that case, I refer you to https://forum.opnsense.org/index.php?topic=44159.0

Thanks meyergru, I'll review that post too.

All working!

I had to make one small change. I suspect the version of OPNSense in the guide is an older version. I didn't have an option to auto detect an upstream gateway on the WAN interface configuration.
I had to add the IP of my broadband WAN router in (not sure if this is the correct way) as an entry in System > Gateways > Configuration. I was then able to select that entry in the OPNSense's WAN interface section "IPv4 gateway rules".

Thanks for the guides, both. :)