Default Gateway for WAN and Automatic Outbound NAT

Started by myksto, March 22, 2018, 09:11:35 AM

March 22, 2018, 09:11:35 AM Last Edit: March 22, 2018, 03:12:58 PM by myksto
Hi.
Here's my OPNSense 18.1.5 configuration (ip are not real of course):

  • WAN: public ip 88.40.191.10/29
  • LAN: 192.168.59.0/24
  • DMZ: 192.168.10.0/24
GW is a Huawei router whose address is the first available public address of my public pool: 88.40.191.9/29.
I inserted the GW ip address as the default GW in OPNSense gateways.
WAN cable of OPNSense is plugged in a port of the Huawei router.
OPNSense WAN ip and Huawei router ip are in the same public subnet (/29) of course.

Well I found these strange behaviours (or better I think they're strange but maybe they're not):
if I ADD the "upstream gateway" (Huawei router IP) in WAN interface OPNSense can't reach that gateway so no internet connection can be established, nothing at all.
if I DON'T ADD the "upstream gateway" in WAN interface OPNSense can reach the gateway but no one in private networks can surf because the automatic OUTBOUND NAT rules are empty. If I manually add my private networks in OUTBOUND NAT everything is fine.

My questions are:

  • Why is my GW unreachable if I add it in upstream gateway of the WAN interface? I mean, is it not correct to insert it there?
  • Why are no outbound NAT rules automatically created if no upstream GW is set on WAN?
  • What is the default/correct practice in these cases?

Thanks a lot, Michele.
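The second question above concerns how automatic outbound NAT decides which rules to generate. The following is an added illustrative model, not OPNsense's own code and not part of the original post: it treats every interface that carries a gateway as a WAN-type interface, emits one source-NAT rule per internal (gateway-less) network out of each such interface, and checks that a directly connected gateway actually lies inside the interface's subnet. The interface table is constructed from the placeholder addresses in the post; the function names (`check_gateway`, `auto_outbound_nat`) and the rule dictionary layout are assumptions for this example.

```python
import copy
import ipaddress

# Constructed from the post's placeholder addresses (not real IPs).
INTERFACES = {
    "WAN": {"address": "88.40.191.10/29", "gateway": "88.40.191.9"},
    "LAN": {"address": "192.168.59.0/24", "gateway": None},
    "DMZ": {"address": "192.168.10.0/24", "gateway": None},
}


def check_gateway(address, gateway):
    """A directly connected upstream gateway must be inside the
    interface's own subnet, otherwise the firewall has no route to it."""
    network = ipaddress.ip_interface(address).network
    return ipaddress.ip_address(gateway) in network


def auto_outbound_nat(interfaces):
    """Model of 'automatic outbound NAT' rule generation (assumption:
    simplified, not OPNsense's implementation).

    Interfaces with a gateway are considered WAN-type; every internal
    network gets a rule translating its traffic to the WAN-type interface
    address. With no gateway on WAN, nothing is WAN-type and the rule list
    is empty, which matches the symptom described in the post."""
    wan_like = [name for name, cfg in interfaces.items() if cfg["gateway"]]
    internal = [name for name, cfg in interfaces.items() if not cfg["gateway"]]

    rules = []
    for wan in wan_like:
        wan_cfg = interfaces[wan]
        if not check_gateway(wan_cfg["address"], wan_cfg["gateway"]):
            raise ValueError(
                f"{wan}: gateway {wan_cfg['gateway']} is outside "
                f"{ipaddress.ip_interface(wan_cfg['address']).network}"
            )
        nat_address = str(ipaddress.ip_interface(wan_cfg["address"]).ip)
        for name in internal:
            source = ipaddress.ip_interface(interfaces[name]["address"]).network
            rules.append(
                {"interface": wan, "source": str(source), "translation": nat_address}
            )
    return rules


def without_wan_gateway(interfaces):
    """Return a copy of the table with the WAN gateway removed, i.e. the
    'DON'T ADD the upstream gateway' scenario from the post."""
    table = copy.deepcopy(interfaces)
    table["WAN"]["gateway"] = None
    return table


if __name__ == "__main__":
    for rule in auto_outbound_nat(INTERFACES):
        print(rule)
    print("without WAN gateway:", auto_outbound_nat(without_wan_gateway(INTERFACES)))
```

Running it with the gateway set on WAN yields one rule each for the LAN and DMZ networks translated to 88.40.191.10; clearing the WAN gateway yields no rules at all, which is the behaviour the post reports and why manual outbound NAT rules were needed in that case.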