Hi there, hope you're OK in this difficult Covid-19 environment.
I installed OPNsense running on Proxmox on a dedicated machine with 4 NICs.
My home network is as follows (^v represents links):
ISP Fiber ONT (public IP)
^v
ISP Router/Wifi 192.168.0.254 (the ISP router is also a Wifi AP)
^v LAN1 Wifi 192.168.0.0/24
^v WAN OPNsense NIC1 192.168.0.31 (access authorized from private networks)
^v LAN2 OPNsense NIC2 192.168.3.0/24
^v Laptops and other mobile devices
^v DMZ OPNsense NIC3 192.168.2.0/24
^v VM1 Plex 192.168.2.18
^v VM2 Duplicati 192.168.2.16
^v VM3 ...
The situation:
- LAN1 and LAN2 access the Internet without any issue
- LAN2 accesses the DMZ without any issue
- Issue #1: DMZ can ping Google.com but:
  - cannot open a web page, or cannot update my Linux VMs (apt-get does not work, on any of the 3 VMs)
  - Plex cannot connect to the Internet. The WAN interface denies access with a "default deny rule" that I suppose is because of a floating rule (that I can't delete!)
- Issue #2: LAN1 and Internet cannot access the DMZ (while it should, through for example port 32400 for Plex)
Illustration of issue #1 for Plex (firewall log; the 86.xx IP is my public address, the xx.0.50 IP is my phone from LAN1, the xx.2.18 is my VM1 from DMZ):
cf. image #1
I have tried everything:
- many tries to NAT and FW rules
- enabling a DMZ on my ISP Router and directing flows to the OPNsense WAN address
- and many, many other things (cleared the states, tried Outbound NAT auto reflection, rebooted, etc.)
Any help is very welcome as I'm (quite) new to firewalls and getting a bit crazy with this!
Below are my NAT, Floating rules, WAN, DMZ and LAN settings:
Firewall NAT settings
cf. image #2
Firewall Floating rules
cf. images #3, 4, 5
Firewall WAN settings
cf. image #6
Firewall DMZ settings
cf. image #7
Firewall LAN settings
cf. image #8
Images 4 to 6
Images 7 to 8 (end)