OPNsense Forum

Topic started by: AegeanDad on February 26, 2021, 12:57:16 AM

Title: OPNsense with downstream Google Nest
Post by: AegeanDad on February 26, 2021, 12:57:16 AM
For some reason, the (or some) inbound traffic at my OPT1 port is blocked by the firewall "Default deny rule". OPT1 is connected to a Google Nest Wifi Router. This router is handing out its own LAN subnet IPs to connected wireless clients.

The firewall log for OPT1 shows many blocked entries from the IPs that are on the LAN side of the Google router, which I would expect to be invisible to OPNsense. But they are not.

SETUP:

AT&T GW -> OPNsense WAN

OPNsense LAN -> Dumb Switch -> A bunch of wired devices & an Orbi in AP mode
All devices here have 192.168.10.0/24 served by the OPNsense LAN DHCP - This piece works fine.

OPNsense OPT1 -> Google Nest Router
192.168.15.10 is the IP OPNsense gives to the Google router
192.168.86.0/24 is the subnet Google passes out to its LAN clients

I have allow-all-inbound-OPT1 FW rules set up on both the Floating and OPT1 tabs (did that also for LAN).

Still, I see a bunch of the following block entries in the FW log:
Interface: OPT1
Direction: In
Source: 192.168.86.n or 192.168.15.10
Destination: Various WAN IPs
Proto: TCP
Label: Default deny rule

Not sure if it is related, but I see some blocks on the LAN port too, though far fewer. I have the same allow-all-inbound rule on LAN.

Thank you for taking the time.