OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: suturri on January 23, 2024, 02:02:22 PM

Title: Unable to access web GUI of a KVM running opnsense 23.7.11
Post by: suturri on January 23, 2024, 02:02:22 PM
I have deployed a KVM running OPNsense with Terraform. I have disabled the firewall rules via the CLI by running:

pfctl -d

I can ping both the OPNsense WAN and LAN addresses from the host machine, but I am unable to access the web GUI from the host machine. Has anyone experienced similar issues? I am trying to access it with https://<opnsense_LAN>. Both the LAN and WAN networks have DHCP and DNS enabled to be handled by libvirt.

LAN network configuration:

<network connections='1'>
  <name>LAN</name>
  <uuid>266e1949-1d32-43dc-888f-be45763daf90</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:2e:d6:85'/>
  <dns enable='yes'/>
  <ip family='ipv4' address='192.168.122.1' prefix='24'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>


WAN network configuration:

<network connections='2'>
  <name>WAN</name>
  <uuid>8a729ce2-0809-4c8d-ae54-b6b55e297347</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:94:a6:72'/>
  <dns enable='yes'/>
  <ip family='ipv4' address='10.10.10.1' prefix='24'>
    <dhcp>
      <range start='10.10.10.2' end='10.10.10.254'/>
    </dhcp>
  </ip>
</network>

Title: Re: Unable to access web GUI of a KVM running opnsense 23.7.11
Post by: jahlives on January 26, 2024, 04:25:38 PM
I'm unfamiliar with Terraform, but what made me stuck in your KVM config snippet: why forward mode nat on a bridged interface? Usually a bridged-to-the-host interface does not require NAT, as the VM should be in the same network as the host. If it is NAT'ed from the host to the VM, then usually one needs port-forward rules to access ports on the VM from outside the VM.