[SOLVED] Is OPT1 The Third Interface a Must ?

[amithad]

Hi,

I'm building a transparent firewall and totally new to OPNsense. When I followed the OPNsense documentation pertain to Transparent Filtering Bridge (  https://docs.opnsense.org/manual/how-tos/transparent_bridge.html ) , and as soon as I followed the Third step of creating the bridge ; I was not able to access the LAN interface by typing http://192.168.1.1

Do I have to have three Ethernet cards (LAN, WAN and OPT1 ) to build a transparent firewall and configure it?

Thanks

[amithad]

My firewall setup is as follows:

Internet <-------->Firewall<--------->Transparent Firewall(OPNsense)<-------> LAN

[Micky]

No, 2 is enough. 1x LAN and 1x WAN

Gr. Micky

[amithad]

Hi Micky,

Thanks for your reply. Could you tell me why I was not able to access the management interface after creating the bridge?

Thanks again

[Micky]

Hi amithad,

i believe you don't need a bridge. Interface1 is WAN, Interface2 is LAN. Now you enable the Proxy. The Rules are creating automatic. Test it with manual Proxy (http Port 3128) in your browser, when ok you can enable the transparent proxy and check again.

[amithad]

Hi Micky,

Thanks a lot for your valuable information and time on my matter. I am implementing this OPNsense firewall to mitigate the drawbacks of my tire1 firewall which is I'm not allowed to change.

I'm planning to do this without changing the IP addresses of my LAN. I hope that the WAN interface and the LAN interface can apply the IPs of the same subnet on my OPNsense firewall!! I'll try your valuable information of the transparent proxy as well.

For further clarification I give my IP addressing plan below:

Internet<----> Tire1 Firewall's Internal IP (192.168.2.7/24)<----->OPNsense Firewall's WAN IP(192.168.2.6/24)===OPNsense Firewall's LAN IP ( 192.168.2.6/24)<------> LAN(192.168.2.0/24)

Since the routing function happens between Two subnets I doubts whether I can give the same subnet's IPs for my OPNsense firewall's WAN and LAN interface 

I hope I gave my requirement clearly...!!! I want to know whether it's possible to achieve it using OPNsense.

Thanks 

[Micky]

Good Morning,

i believe you need compelingly different subnets for WAN and LAN.

Gr. Micky

[amithad]

Good Morning Micky!

Thanks for the information. I'll try with your information.

Thanking you again 

[jschellevis]

FYI: I just updated to docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html


I recommend to check each step again if thing do not workout as intended.

Cheers,

Jos

[amithad]

Hi Jos,

Many thanks for the information.

[amithad]

FYI: I just updated to docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html


I recommend to check each step again if thing do not workout as intended.

Cheers,

Jos

Hi,

I followed the exact steps on the documentation. But after creating the bridge by combining the LAN and WAN interface I was not able to access the management interface

Thanks

[Noctur]

Thank you Jos, for updating the Wiki!

[amithad]

Hi All,

Finally I was able to manage to access the management interface (OPT1) after creating the bridge using LAN and WAN. But I did a slight change, since I failed Two times after following the exact steps on the documentation. I created the bridge at the end and allow all traffic to all interfaces as given in the documentation.

But now I'm facing a different issue. My LAN users are not able to access the internet. , My production firewall's LAN IP is 192.168.1.7 that IP is given as the default gateway to all my workstation on LAN. If I am right I dont have to change those since my OPNsense transperant firewall act in bridge mode.

What should I do to give the internet access to LAN users?

Thanks

[amithad]

Hi All,

I did a mistake while configuring the rules given on step 7. I just add an allow rule to the floating rules. I didnt apply allow rules to all the three interfaces (LAN,WAN,OPT1).

I have corrected those. I will try this on the production network and give the feedback. I APOLOGIZE for the mistake I have done.

 

[amithad]

Hi All,

I tried after giving allow rule, which stated on step 7 on the documentation for all the interfaces. Still my LAN users are not able to connect to the internet through the OPNsense transparent firewall. When I try to give the gateway, It doesn't allow to add the gateway on the WAN interface and it gives an error message.

My IP setup is as follows:

Internet <----> Production FW's Internal IP ( 192.168.1.7/24 )<-----> OPNsense FW(OPT1 IP is 192.168.1.8, LAN and WAN doesn't have IPs since it's bridged )<--------> LAN ( 192.168.1.0/24 )

All my LAN workstations have the default gateway as 192.168.1.7 and the primary DNS server as 192.168.1.10