OPNsense Forum

English Forums => General Discussion => Topic started by: Stormf0x on May 12, 2023, 01:28:33 pm

Title: No internet from lan in default configuration
Post by: Stormf0x on May 12, 2023, 01:28:33 pm
Hello Guys  :)

After some while I had to reinstall my OPNsense server.

First of all what is working:
- DHCP
- LAN Communication (OPNsense to a client no issues)
- OPNsense to Internet

What is not working:
- LAN to WAN
- LAN to Internet

Both of them cannot find a route, nor can ping successfully.
The Server is default configuration with:
WAN -> Public IP address (passthrough NIC from Proxmox)
LAN -> Private network (Proxmox Bridge)

I would appreciate help a lot.


Title: Re: No internet from lan in default configuration
Post by: sphbecker on May 12, 2023, 06:15:00 pm
I haven't done a lot of OPNsense fresh installs, but my memory is that the default setup should allow for internet access via NAT from LAN to WAN.

First question, is OPNsense getting its WAN IP from your ISP's DHCP? If so, then it looks like that passthrough NIC is working. If you had to do a manual configuration, then it may not be working as expected. Is that a hardware passthrough, or a bridged virtual NIC? If it's a bridge, then make sure that Proxmox has no IP address configured on the interface. If it is hardware passthrough, then Proxmox shouldn't see the interface at all while the VM is running, but you still want to ensure it doesn't have an IP address while the VM is stopped.

For troubleshooting purposes, I would create firewall rules on all interfaces to allow all ICMP. Once you do that, try pinging the WAN IP address from a LAN client. The results should point you to the next troubleshooting step.

If it replies, but you still cannot ping the public internet, that could be a firewall rule, routing table, or NAT configuration issue. Ping 1.1.1.1 and trace the packets on the firewall and see what is happening to them. If it shows they are being forwarded to the WAN gateway, then you have some kind of issue on your vNIC's bridging configuration. If it shows they are being dropped, then it's an issue in your OPNsense config.

If the firewall replies with an error, then that is very clearly an OPNsense configuration issue, likely NAT or routing table.

If the ping requests time out, check to ensure the OPNsense LAN IP is set as the client's default gateway. If it is, then check the firewall logs to see if it received those packets and if so, what it did with them.

You might try shutting down that VM and trying a fresh one with default configuration to see if the results are the same.
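
The packet-tracing step from the reply above, as an added example that is not part of the original thread: it takes the text of two `tcpdump -n` ICMP captures, one from the LAN interface and one from the WAN interface, and maps what each side saw onto the next check. The "outbound NAT" branch goes slightly beyond the post by comparing source addresses; the function names and the sample addresses are assumptions made for illustration.

```python
import re

# Matches `tcpdump -n` ICMP echo lines: "... IP <src> > <dst>: ICMP echo request, ..."
ECHO = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")

def parse(capture):
    """Return (src, dst, kind) for every ICMP echo line in a capture."""
    return [m.groups() for m in map(ECHO.search, capture.splitlines()) if m]

def diagnose(lan_capture, wan_capture, target="1.1.1.1"):
    """Map what each interface saw onto the next troubleshooting step."""
    lan_req = [p for p in parse(lan_capture) if p[1] == target and p[2] == "request"]
    wan = parse(wan_capture)
    wan_req = [p for p in wan if p[1] == target and p[2] == "request"]
    wan_rep = [p for p in wan if p[0] == target and p[2] == "reply"]
    if not lan_req:
        return "never reached LAN interface: check the client's default gateway"
    if not wan_req:
        return "dropped inside OPNsense: check firewall rules and routing table"
    # Same source on both sides means the packet was forwarded untranslated.
    if {p[0] for p in wan_req} & {p[0] for p in lan_req}:
        return "left WAN with the LAN source address: check outbound NAT"
    if not wan_rep:
        return "forwarded to WAN gateway, no reply: check vNIC bridge/passthrough"
    return "forwarded, translated and answered"

# Constructed sample captures (all addresses are made up for illustration).
LAN_SEEN = "12:00:01.000001 IP 192.168.1.50 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64"
WAN_RAW = "12:00:01.000090 IP 192.168.1.50 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64"
WAN_NATTED = "12:00:01.000104 IP 203.0.113.10 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64"
WAN_REPLY = "12:00:01.011830 IP 1.1.1.1 > 203.0.113.10: ICMP echo reply, id 7, seq 1, length 64"

if __name__ == "__main__":
    for name, wan in [("nothing on WAN", ""), ("untranslated", WAN_RAW),
                      ("no reply", WAN_NATTED),
                      ("healthy", WAN_NATTED + "\n" + WAN_REPLY)]:
        print(f"{name}: {diagnose(LAN_SEEN, wan)}")
```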