I am not very experienced with networking and as I build out my services on prem I have come to this community for help and support.
I have done a lot of reading about subnets and masking and the like and I semi-understand how it works and what I want to do but I don’t know how to actually do it.
Thanks to this community I have an OPNsense router that I installed on a desktop computer, for which I purchased a 2x1Gb NIC. I've learned how to open ports and how to NAT/forward, even with reflection for my HTTPS local services.
I just can’t figure this out. I drew my network topology and put it here: https://imgur.com/a/XY8V5Sl
My wired network is 192.168.1.0/24 meaning 255.255.255.0. My wireless is Google Nest Wifi which limits me a bit. It is using 192.168.86.0/24. The gateway for both networks is my opnsense router 192.168.1.1.
I want to create a route between 192.168.86.0/24 and 192.168.1.0/24. I believe one way to do it is to use 255.255.0.0, meaning /16, but I don't know where to make that change, and since the Google Wifi uses its own DHCP, I am not sure I can change that properly.
My preference is to leave Google Wifi alone (it's a piece of shit, by the way, don't buy it), and my expectation is that I can create a route in OPNsense to 'bridge' the two different subnets.
Am I correct? If not, can you help me understand? If I am correct, can you guide me?
This is a different problem. But when you configure a competent DHCP server, you tell it to give out a bunch of information to the client, not just an IP address. It should tell it IP, subnet, gateway, DNS server IP and default domain name. (In OPNsense most of this is the default, so you don't have to actually configure it; hit the (i) button and it will tell you. Example for domain name: "The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.")
Then on top of that, Google devices are notorious for ignoring DNS (ahem, Chromecast, etc.) and want to use 8.8.8.8. This is because Google does all sorts of non-DNS buggery on those devices (for example checking and pushing updates). Chrome on your PC could well be doing this as well, but it shouldn't; it should be honouring your NIC's config. However, I don't for a second doubt that Chrome is preferring DoH to somewhere like 8.8.8.8 first.
You will need to create a rule to enforce your local DNS server and block all other outgoing attempts.
To do this, create a NAT rule (port forward): set the interface to LAN, set the destination to LAN net and INVERT. Then set the destination port to DNS. Finally, set the redirect target to your DNS server (127.0.0.1 for your OPNsense) and the redirect port to DNS (53).
This NAT rule says any DNS NOT headed to the LAN network must be redirected to the DNS server in your LAN.
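The port forward described in the reply above, written out as the pf rule OPNsense generates from it. This is an added example, not text from the reply or OPNsense's own documentation; the LAN interface name em0 and a resolver listening on the firewall at 127.0.0.1:53 are assumptions.

```pf
# Added example: pf-syntax equivalent of the OPNsense "redirect all DNS" port forward.
# Assumptions: the LAN interface is em0, and the firewall's own resolver (Unbound
# by default) listens on 127.0.0.1 port 53. OPNsense writes the rules it generates
# from the GUI to /tmp/rules.debug; after applying the port forward, look there for
# a line of roughly this shape to confirm the INVERT landed on the destination.
#
# "to ! (em0:network)" is the INVERT of "LAN net": any DNS packet whose destination
# is NOT a host on the LAN subnet (e.g. 8.8.8.8) is rewritten to the firewall's own
# resolver before it is routed. Queries sent to the firewall's LAN address itself
# match "LAN net" and are left alone. Both TCP and UDP are covered, since large
# answers and zone transfers fall back to TCP.
rdr pass on em0 inet proto { tcp udp } from any to ! (em0:network) port 53 -> 127.0.0.1 port 53
```

To check it from a LAN client, query a name that only the local resolver knows (for instance a host override defined in OPNsense) while pointing the query at 8.8.8.8; if it resolves, the redirect is doing its job. Note that this rule only catches plaintext DNS on port 53: a client using DNS over HTTPS on port 443, as the reply says Chrome may prefer, never touches port 53 and is unaffected by it.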