OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: Anth on September 25, 2020, 06:23:57 pm

Title: Updated Opnsense, now no Internet
Post by: Anth on September 25, 2020, 06:23:57 pm
Can someone possibly help with this? I have been using OPNsense for about a year perfectly fine.

Yesterday I used the internal updater and everything was seemingly fine afterwards. This morning, however, I suddenly cannot access the internet at all.

If I go to Interfaces > Diagnostics > Ping:

I can ping 8.8.8.8 from the WAN Interface. This comes back with 0% packet loss.
If I ping 8.8.8.8 from the LAN Interface however I get 100% packet loss.
If I ping Google.com from the WAN I get:
# /sbin/ping -S '172.16.16.122' -c '3' 'google.com'
ping: cannot resolve google.com: Host name lookup failure

So it seems something is wrong with my LAN interface and DNS. But I am getting internet onto my WAN. Any suggestions?

On my firewall, for NAT I had always just left it as "Automatic outbound NAT rule generation (no manual rules can be used)". I hadn't messed with this at all.

Any suggestions to get the internet back on please?

Title: Re: Updated Opnsense, now no Internet
Post by: MandyBaxter on September 27, 2020, 06:36:40 pm
Anth,
Just a guess based on what you're describing, but does your "No Internet" issue pertain to WiFi clients hanging off an AP router? If so --
https://docs.opnsense.org/manual/nat.html
near the top --
(!) Note
"The NAT rules generated with enabling NAT reflection only include networks directly connected to your Firewall. This means if you have >>> a private network separated from your LAN <<< you need to add this with a manual outbound NAT rule."

To expand this a bit, an internal subnet via a WiFi AP router is a very, very common use case that would need to be addressed via a manual outbound rule for the WAN port.

So, go to
Firewall -> NAT -> Outbound
Select the radio button for ">>>Hybrid<<< outbound NAT rule generation." Click [Save]. Click [Apply].
Click [+Add] and add a manual rule to cover your WiFi subnet. Click [Save]. Click [Apply].

If this gets your WiFi clients to the InnerTubes, consider setting up a firewall alias for the WiFi subnet(s). Particularly, if you've got more than one such subnet, an alias can help keep things tidy.