Newbie Q - How to use OPNs to find IP address of devices

Started by JiveTalking, August 29, 2021, 02:57:50 PM

JiveTalking

Hello -

Can you talk a bit (maybe even an article) about IP addresses, subnets, why I see two WAN coming from my ISP, beginner stuff like that? I see many devices attached, but cannot figure out who is who. I could using my off-the-shelf router before because the hardware names were listed along with MAC address - in OPNs it's just IPs...

Thank you ~

Home Network Guy

Sure!

IP addresses are assigned to every device on the network including routers and network switches.

A subnet is a network which has one or more devices. The modern notation used for IPv4 networks is called CIDR (instead of using Class A, B, or C networks). For home networks it is common to use the 192.168.x.x addresses so a subnet could be defined as 192.168.0.0/24 or 192.168.1.0/24, etc. The /24 indicates that the last digit can be used for device addresses so for 192.168.0.0/24, you can have devices assigned to 192.168.0.1-192.168.0.254 (.0 and .255 are reserved for special use such as network broadcasts).

In OPNsense, you will see 2 gateways by default if IPv6 is enabled. One gateway on the WAN is used for IPv4 and the other is IPv6. IPv6 is the new protocol for IP addresses that allows for a much greater amount of IP addresses than IPv4. It is ok to have both enabled. Sometimes devices/software will prefer to use the newer IPv6 protocol if it's enabled. You have to keep that in mind when creating firewall rules. If you want to restrict the traffic for both IPv4 and IPv6 network traffic, you need to apply the rules to both protocols.

If you wish to see the names of the devices, you need to set the option to "register DHCP leases" and "register DHCP static mappings" on the "Services > Unbound DNS > General" page. This doesn't always guarantee you will see the hostname. I've had some devices not show up but most do. If you really want everything named better, you could create a static DHCP mapping for a device (once you have identified it) and you can set an IP address (outside of your DHCP IP address range you have set for the network) and a hostname. Sometimes the manufacturer will show up below the MAC address which could possibly help identify devices. Most devices provide a way for you to view the IP address (and sometimes the MAC address). That will help you find out which device has which IP address.

Please let me know if this info helps and if you have more questions!
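The subnet range and the advice above to keep static mappings outside the DHCP pool, as an added example that is not part of the original post. The subnet, pool range, MAC addresses and hostnames are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def usable_range(subnet):
    """First and last assignable address (network and broadcast excluded)."""
    net = ipaddress.ip_network(subnet)
    return str(net[1]), str(net[-2])

def check_static_mappings(subnet, pool_start, pool_end, mappings):
    """Return {hostname: [problems]} for proposed (mac, ip, hostname) mappings."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    seen_ip, seen_mac, report = {}, {}, {}
    for mac, ip, host in mappings:
        addr, mac, problems = ipaddress.ip_address(ip), mac.lower(), []
        if addr not in net:
            problems.append(f"{ip} is not in {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{ip} is reserved (network/broadcast)")
        elif lo <= addr <= hi:
            problems.append(f"{ip} is inside the DHCP pool {lo}-{hi}")
        if addr in seen_ip:
            problems.append(f"{ip} already mapped to {seen_ip[addr]}")
        if mac in seen_mac:
            problems.append(f"MAC {mac} already mapped to {seen_mac[mac]}")
        seen_ip.setdefault(addr, host)
        seen_mac.setdefault(mac, host)
        report[host] = problems
    return report

# Constructed sample data: a /24 LAN with a DHCP pool of .100-.199
SUBNET = "192.168.1.0/24"
POOL = ("192.168.1.100", "192.168.1.199")
MAPPINGS = [
    ("AA:BB:CC:00:00:01", "192.168.1.10", "nas"),       # fine
    ("AA:BB:CC:00:00:02", "192.168.1.150", "printer"),  # inside the pool
    ("AA:BB:CC:00:00:03", "192.168.1.255", "camera"),   # broadcast address
    ("AA:BB:CC:00:00:04", "192.168.1.10", "tv"),        # duplicate of nas
    ("AA:BB:CC:00:00:05", "192.168.2.20", "laptop"),    # wrong subnet
]

if __name__ == "__main__":
    print("usable:", "-".join(usable_range(SUBNET)))
    for host, problems in check_static_mappings(SUBNET, *POOL, MAPPINGS).items():
        print(f"{host:8}", "; ".join(problems) or "ok")
```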

JiveTalking

Quote: (.0 and .255 are reserved for special use such as network broadcasts).

Oh, this explains why when I was setting the DHCPv4 FW rule for my em2 I got an error :D Thanks for explaining!

Quote: Sometimes devices/software will prefer to use the newer IPv6 protocol if it's enabled. You have to keep that in mind when creating firewall rules. If you want to restrict the traffic for both IPv4 and IPv6 network traffic, you need to apply the rules to both protocols.

Hum.... even if I un-enabled IPv6 on OPNs? 
I do not want to eliminate IPv6, I just want to block/stop it for now, while I'm learning. I know it's the next great thing, but I want to start old-school while I learn about it all. Newer-ish tech always brings new security issues, and I don't want more to learn about just now.

"register DHCP leases" - Your reply regarding this helped me a lot! 
I printed out the tables under Interfaces: Diagnostics:, and have sussed out all my currently plugged-in devices via their IPs and their subnets. I just have 2 IPs which I'm guessing are IPv4 & IPv6 from my ISP or something similar. I may, after I pass Firewall rules swamp, actually follow your steps and map them.

Thank you ~



Home Network Guy

You can disable IPv6 entirely by going to the "Firewall > Settings > Advanced" page. It's the first option.

Devices/software will only prefer IPv6 if it's enabled on your network since it cannot communicate via IPv6 if it's disabled.

JiveTalking

I have done that, disabled it from that location, and it's so good to know that outsiders won't be using its features on my network while I learn - perfect.

Thanks again,

Home Network Guy

You're welcome. I had mine turned off for a while so it doesn't spam the firewall logs. I have it on now and where possible, I tried to update many of my rules to use IPv4+IPv6 so the rule will apply to both protocols because I want essentially the same firewall restrictions for both protocols. It doesn't always work out perfectly because some of my aliases refer to IPv4-only networks or IP addresses so it wouldn't apply to IPv6. However, the broader rules which use the predefined network interface addresses should work for both protocols since OPNsense knows both addresses on the interface/network.