Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Setup for home
« previous
next »
Print
Pages: [
1
]
Author
Topic: Setup for home (Read 14133 times)
bobzbobz
Newbie
Posts: 3
Karma: 0
Setup for home
«
on:
October 25, 2017, 04:33:37 pm »
Hi
I have recently acquired an OPNsense appliance for my home network.
My setup will be:
Internet -> Fiber modem -> OPNsense FW -> Router -> LAN
.
My Router is an ASUS rt-ac68u - how should I configure this device, so that I am able to create (OPNsense) firewall rules based on the originating client(s) from the LAN:
- Will NAT need to be disabled on the WAN-interface (of the router)?
- and should I disable the built-in firewall?
- any other things I should look out for?
The router will control DHCP, Wireless, and internal routing.
OPNsense appliance will control FW rules, VPN-server (and other services).
Regards,
Soren
«
Last Edit: October 25, 2017, 04:48:46 pm by bobzbobz
»
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Setup for home
«
Reply #1 on:
October 25, 2017, 05:05:15 pm »
Double-NAT in general is not a good idea. Why do you think you need this ASUS-stuff first hand? :-)
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Setup for home
«
Reply #2 on:
October 25, 2017, 05:09:18 pm »
If would recommend to remove the router and use a switch instead.
Do all the firewalling on OPNsense - DHCP etc. can also be done on OPNsense.
You might be more interested into an access point for WLAN which should be connected to the switch.
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Setup for home
«
Reply #3 on:
October 25, 2017, 06:02:35 pm »
...or turn off DHCP on the Asus and connect it via a LAN (!, not the WAN) port to the LAN (or an OPT net, if you want to keep the wifi part separeted) of your OPNsense. Assign a STATIC IP to the Asus, which is OUTSIDE the LAN/OPT net, then you have a wireless access point.
Doing this with an old Cisco "router/wifi/firewall" for years, working great.
«
Last Edit: October 25, 2017, 06:05:20 pm by chemlud
»
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
bobzbobz
Newbie
Posts: 3
Karma: 0
Re: Setup for home
«
Reply #4 on:
October 25, 2017, 08:36:40 pm »
I do not have a switch, but the ASUS router has 4 interfaces.
The router can be set into "AP mode" (I guess the interfaces still work afterwards).
But if I do this - will the traffic between clients then have to cross the OPNsense appliance or does traffic flow within the switch (ASUS router/AP)?
I will be using latency sensitive services such as game streaming within the LAN and want the shortest route possible.
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Setup for home
«
Reply #5 on:
October 26, 2017, 10:57:29 am »
...the "LAN" interfaces (your 4 RJ45) on the consumer devices are a cheap switch, I use it that way on my Cisco router configured as a wifi access point as described above. So: should work! ;-)
Traffic inside the LAN goes directly to the client intended, why should it "flow trough" your router? :-)
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Ciprian
Sr. Member
Posts: 284
Karma: 50
Re: Setup for home
«
Reply #6 on:
October 30, 2017, 01:57:47 pm »
If you can configure your ASUS rt-ac68u router as an AP (as you mentioned upon) DO IT, and never look back! (!)
Most likely (99% certainty - to be checked by you, since I don't know this exact model of ASUS brand) you will get the following:
1. [And the most important] All your LAN (wired or wireless) clients will be networked and network managed directly by OPNsense
2. All your LAN clients will be directly seen by OPNsense, for reports etc.
3. All your LAN clients are treated equal in spite of being wired (connected to any of 4 RJ45 ports of your ASUS router) or wireless (Wi-Fi connected to your ASUS router) - only speed/ bandwidth difference between wired and wireless interfaces will be noticeable.
4. All traffic in-between your LAN clients (again, wired or wireless) will be switched/ isolated at ASUS router level, who will act as a full switch between RJ45 <-> RJ45, RJ45 <-> Wi-Fi, Wi-Fi <-> Wi-Fi, Wi-Fi <-> RJ45 clients - just check to be sure that ASUS router will not keep an option like "WLAN clients isolated" or so, after being set to AP mode - it shouldn't, but check if still present and enabled, since I was never convinced by the default settings logic of ASUS.
5. [Very important] All network services like DHCP, DNS, NAT etc. etc. etc. are not double present both at your OPNsense level AND at ASUS router level.
For a remote location I have some ASUS routers set like this, like AP, and all my clients, wired or wireless, are fully seen by OPNsense like all of them are directly connected to OPNsense.
Good luck!
PS Feel free to come back if you run into troubles. But you souldn't!...
Logged
xinnan
Full Member
Posts: 125
Karma: 13
Re: Setup for home
«
Reply #7 on:
October 30, 2017, 02:38:38 pm »
https://www.dd-wrt.com/wiki/index.php/Asus_RT-AC68U
https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
Start where it says "long version" and do all the optional and recommended steps as well.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Setup for home