Hello all,
I have the following setup:
Internet -- ISP modem -- OPNSense -- l3 switch
ISP modem - OPNSense subnet : 192.168.178.0/24 (.1 <-> .252)
OPNSense -- L3 Switch 10.34.10.0/24
L3 Switch - 10.34.0.0/16 (several VLANs).
I've added FW rules to allow 10.34.0.0/16 (added routing and gateway too) to any, but traffic gets blocked by "Default Rule". I've made it more specific by adding /24 subnet rules, but traffic stays blocked. I've searched through OPNSense and PFSense posts but I cannot get a right answer why something pretty obvious gets blocked. Am I missing NAT rules (it's double NAT, yeah, not perfect, but it works)? I've disabled blocking RFC1918 and bogon networks.
At the moment I use an ASA 5505 and that works but as soon as I switch the default route to the OPNSense FW (on the L3 switch) the logs fill up with block spam.
I must be overlooking something but I do not see it at the moment.
With kind regards,
Marcel Tempelman.
Are you allowing RFC 1918 on your WAN interface? Interfaces, WAN, make sure 'Block private networks' is unticked.
Bart...
If you want OPNsense to perform NAT for subnets other than those of its LAN interfaces, you need to add manual outbound NAT rules.
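To make the point above concrete, here is a small model of how pf's outbound NAT matching behaves for a routed subnet behind an L3 switch. This is an added example, not OPNsense code or Maurice's: it follows the rule stated in the thread (automatic mode translates only the directly connected LAN networks) and reuses the thread's addressing; the OPNsense WAN address 192.168.178.252, LAN address 10.34.10.1, the L3 switch at 10.34.10.2 and the VLAN host 10.34.20.5 are assumptions, as is the `uncovered_networks` check, which is simply the audit one would run against the rule set.

```python
"""Model of OPNsense/pf outbound NAT matching for a routed (non-LAN) subnet.

Constructed example for the thread above; not OPNsense code. It reproduces
the symptom described (10.34.0.0/16 leaving the WAN untranslated under
automatic outbound NAT) and shows the manual rule that covers it.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Interface:
    name: str
    address: IPv4Addr       # firewall's own address on that interface
    network: IPv4Net        # directly connected subnet


@dataclass(frozen=True)
class NatRule:
    interface: str          # egress interface the rule is bound to (WAN)
    source: IPv4Net         # packets with a source in this network match
    translate_to: IPv4Addr  # source address after translation


# Topology from the thread. The OPNsense WAN address .252 and LAN address .1
# are assumptions; 10.34.20.0/24 and the host 10.34.20.5 below are constructed.
WAN = Interface("wan", IPv4Addr("192.168.178.252"), IPv4Net("192.168.178.0/24"))
LAN = Interface("lan", IPv4Addr("10.34.10.1"), IPv4Net("10.34.10.0/24"))
# Static route on OPNsense: 10.34.0.0/16 via the L3 switch (assumed 10.34.10.2).
ROUTED = [IPv4Net("10.34.0.0/16")]


def automatic_outbound_rules(wan: Interface, internal: List[Interface]) -> List[NatRule]:
    """Automatic mode as described in the thread: one WAN NAT rule per
    directly connected internal interface network. Networks that are only
    reachable via a static route get no rule."""
    return [NatRule(wan.name, i.network, wan.address) for i in internal]


def manual_outbound_rules(wan: Interface, networks: List[IPv4Net]) -> List[NatRule]:
    """Manual/hybrid mode: the administrator lists every network that must
    be translated on the way out (here the whole 10.34.0.0/16)."""
    return [NatRule(wan.name, n, wan.address) for n in networks]


def matching_rule(rules: List[NatRule], egress: str, src: IPv4Addr) -> Optional[NatRule]:
    """NAT rules are evaluated first-match."""
    for r in rules:
        if r.interface == egress and src in r.source:
            return r
    return None


def translated_source(rules: List[NatRule], egress: str, src: IPv4Addr) -> IPv4Addr:
    """Source address as it appears on the wire after the egress interface.
    No match means the private source leaves untouched and no reply can
    ever find its way back through the ISP modem."""
    r = matching_rule(rules, egress, src)
    return r.translate_to if r else src


def uncovered_networks(rules: List[NatRule], egress: str, networks: List[IPv4Net]) -> List[IPv4Net]:
    """Routed networks that no NAT rule on `egress` fully covers. An empty
    list is what a correct outbound NAT configuration looks like."""
    covered = [r.source for r in rules if r.interface == egress]
    return [n for n in networks if not any(n.subnet_of(c) for c in covered)]


AUTO_RULES = automatic_outbound_rules(WAN, [LAN])
MANUAL_RULES = AUTO_RULES + manual_outbound_rules(WAN, ROUTED)

if __name__ == "__main__":
    host = IPv4Addr("10.34.20.5")  # constructed host on a VLAN behind the L3 switch
    for label, rules in (("automatic", AUTO_RULES), ("manual", MANUAL_RULES)):
        print(f"{label:9}: {host} -> {translated_source(rules, 'wan', host)}, "
              f"uncovered: {[str(n) for n in uncovered_networks(rules, 'wan', ROUTED)]}")
```

Run as-is, the automatic rule set translates a LAN host but leaves 10.34.20.5 untouched and reports 10.34.0.0/16 as uncovered; adding the manual rule for 10.34.0.0/16 clears the report and translates the VLAN host to the WAN address, which is the change Marcel made.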
Thx Maurice! That was what fixed it. I was still using the automatic setting. Just added a NAT rule for my 10.34.0.0/16 subnet and it worked!
With kind regards,
Marcel Tempelman