Hello,
I'm about to swap out my pfSense VM with a hardware based OPNsense FW, is it normal to have no rules in the WAN rule section, does it just auto NAT LAN to WAN so I should get on the Internet?
I've got the WAN port set to DHCP and will connect my Virgin Broadband router in modem mode soon.
Thanks
Yes :)
An automatic NAT rule will be generated, following the initial setup wizard.
Port Assignments:
By default, the system will be configured with 2 interfaces LAN & WAN. The first network port found will be configured as LAN and the second will be WAN.
IP ranges & DHCP:
The WAN port will have a DHCP client and expects to be assigned an IP address. (This will be handled by the Virgin Hub being in Bridge Mode)
The LAN port will have a DHCP server, a static ip of 192.168.1.1/24 and offers IP addresses in the range of 192.168.1.100-200.
Normally you should just need WAN rules if you want to make services accessible from the internet - but that's the same on pfsense
The only rule needed is the "ALLOW any any" rule on LAN, which is in place ootb. Don't add anyting to WAN, not needed.
Narrowing down the LAN rule to the services needed (HTTP, HTTPS, IMAPs, SMTPs...) is best practice, then you can disable the "ALLOW any any" rule.
Thanks all!