Author Topic: let out anything from firewall host itself - but is false  (Read 4827 times)

mark.migliorini

« on: April 11, 2019, 04:34:16 pm »
Hi,

I'm new to OPNsense and I'm trying to configure a test VM.

But I can't do a simple thing.

My configuration is VMware ESX 6.5

VM test OPNsense   LAN 172.22.199.26/24   WAN public IP with its outside gateway
                             route 172.22.201.0/24 using 172.22.199.1 as internal gateway

core switch (routing)   vlan 199  - 172.22.199.1
                                  vlan 201  - 172.22.201.1
                                  ip route 0.0.0.0  0.0.0.0 172.22.199.26

test PC machine 172.22.201.121/24 with gateway 172.22.201.1


From 172.22.201.121 I can correctly reach 172.22.199.26, but it is impossible to reach the outside internet.
I tried to make all sorts of rules: * * any, from any to any, etc., specific rules from 172.22.201.0/24 to etc.,
but no way, no internet from OPNsense.

From the firewall log I see this:
   wan   Apr 11 16:31:32 172.22.201.121:59435   217.72.40.21:80   tcp   let out anything from firewall host itself

What am I missing? Normally with Endian or Sophos firewall or Fortigate with a similar configuration I have no problem.


P.S.
Another strange thing:
I made an OpenVPN server config, and I can reach all internal VLANs with no problem.

Thanks, Mark
« Last Edit: April 11, 2019, 04:45:37 pm by mark.migliorini »

mark.migliorini

« Reply #1 on: April 25, 2019, 11:54:20 pm »
No help?

5v3n

« Reply #2 on: April 26, 2019, 08:57:00 am »
Sounds like you need to configure a route on "outside" to point to the net behind the OPNsense?

hbc

« Reply #3 on: April 26, 2019, 01:30:02 pm »
Quote from: mark.migliorini on April 25, 2019, 11:54:20 pm
No help?

Missing NAT rule? Outside gateway with private IP and block private in OPNsense WAN? Missing reverse route.

Test PC routes to core 172.22.201.1, core routes everything unknown to OPNsense 172.22.199.26, OPNsense routes everything unknown to the outside gateway. The outside gateway seems to have a private IP in network 172.22.199.0/24.

So first you must enable RFC1918 networks on the OPNsense WAN, and your gateway needs either a reverse route to 172.22.201.0/24 or you must masquerade your internal networks to your OPNsense WAN IP.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
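
Added example, not part of any post in this thread: a check that scans firewall log lines for WAN entries whose source is still an RFC1918 address while the destination is public, which is what the quoted log line shows and which fits the missing NAT rule suggested in the last reply. The regular expression assumes the whitespace-separated layout of the single line quoted in the first post; the function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, the networks the last reply refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed layout: interface, timestamp, src:port, dst:port, protocol, rule label.
LINE_RE = re.compile(
    r"^\s*(?P<iface>\S+)\s+(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<label>.+?)\s*$")

def is_rfc1918(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def untranslated_wan_flows(lines, wan_iface="wan"):
    """WAN entries with a private source and a public destination."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["iface"] != wan_iface:
            continue
        if is_rfc1918(entry["src"]) and not is_rfc1918(entry["dst"]):
            hits.append(entry)
    return hits

SAMPLE = [
    # Line quoted in the first post.
    "   wan   Apr 11 16:31:32 172.22.201.121:59435   217.72.40.21:80   tcp   let out anything from firewall host itself",
    # Constructed: same flow after masquerading to a documentation-range WAN address.
    "   wan   Apr 11 16:31:40 203.0.113.10:40112   217.72.40.21:80   tcp   let out anything from firewall host itself",
    # Constructed: internal traffic on the LAN side, not of interest here.
    "   lan   Apr 11 16:31:41 172.22.201.121:59436   172.22.199.26:443   tcp   constructed lan rule",
]

if __name__ == "__main__":
    for e in untranslated_wan_flows(SAMPLE):
        print(f"{e['ts']} {e['src']} -> {e['dst']}:{e['dport']} left WAN without NAT ({e['label']})")
```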
