OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: bz54 on January 26, 2024, 01:10:34 PM

Title: Different ISP bridging no connectivity between lan or access to wan
Post by: bz54 on January 26, 2024, 01:10:34 PM
Hello

Yesterday I switched from our Belgian ISP Telenet to Orange.
I used the Telenet modem/router combo in bridge mode and do the same with the Orange one.

I did not change anything on my OPNsense machine, except for 1 reboot, and yet it does not allow LAN devices to talk to each other, nor get internet access.
OPNsense receives a WAN IP (dynamic IP) and the OPNsense machine itself can ping IPs outside of my local network through the shell.

My OPNsense machine has 1 em0 ethernet port that is connected to the bridge port of the Orange router.
It also has 4 ethernet ports through an Intel NIC. These ports are set up in bridge mode, according to the OPNsense LAN Bridge guide.

I don't know how to show you all my settings but other than default settings, these are the settings I am using:

Gateways:
   WAN_DHCP (active)
      interface: WAN
      ip address: dynamic
      upstream gateway: yes
      far gateway: true
      disable gateway monitoring: true
   WAN_DHCP6 (active)
      ip address: dynamic
      upstream gateway: false
      disable gateway monitoring: true

Interfaces:
   LAN:
      bridge0
      block private/bogon networks: false
      ipv4 config: Static ipv4
      ipv6 config: track interface
      ipv4 address: 192.168.0.1
      ipv4 upstream gateway: Auto-detect
      ipv6 interface: WAN
      ipv6 prefix id: 0
   OPT:
      igb0
      block private/bogon networks: false
      ipv4 config: none
      ipv6 config: none
   OPT2:
      igb1
      block private/bogon networks: false
      ipv4 config: none
      ipv6 config: none
   OPT3:
      igb2
      block private/bogon networks: false
      ipv4 config: none
      ipv6 config: none
   OPT4:
      igb3
      block private/bogon networks: false
      ipv4 config: none
      ipv6 config: none
   WAN:
      em0
      block private/bogon networks: true
      ipv4 config: DHCP
      ipv6 config: DHCPv6

Other types -> Bridge:
   Member interfaces: OPT, OPT1, OPT2, OPT3
   Link-local address: false

Unbound DNS:
   Enabled
   port 53
   network interfaces: all


I also noticed that while the OPNsense WebGUI doesn't show any firewall logs, if I enter option 10 (firewall log) in the shell, I see calls like:
192.168.0.50.58785 > 192.168.0.1.53: 30438+ A? wpad.home.lan. (31) 00:00:00.00007 rule 5/0(match) block in on bridge0: .... etc... proto UDP.   

Does anyone have an idea what might be wrong with my setup?
I have a bit of network knowledge, but mostly hobbyist level (CCNA 1).

When directly connecting a device to the bridged router from Orange, that device will get internet access.
Title: Re: Different ISP bridging no connectivity between lan or access to wan
Post by: jahlives on January 26, 2024, 04:00:04 PM
First question that comes into my mind when seeing this:
Quote: rule 5/0(match) block in on bridge0
Do you have rules on said interface to allow traffic? Also check the settings of the following two system tunables:

net.link.bridge.pfil_bridge
net.link.bridge.pfil_local_phys

In my bridged setup I have the first on 1 and the second on 0, which enables filtering on the bridge interface and not the underlying physical interfaces. Usually one wants to filter on the bridge interface and not the physical one (at least in my case :)))
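
The check suggested in the reply above, as an added example that is not part of either forum post: it reads the two tunables from `sysctl` output and counts inbound blocks per rule and interface in the firewall log. Both samples are constructed (the log lines follow the shape quoted in the first post), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Both samples are constructed; they are not the poster's real output.
SAMPLE_SYSCTL='net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_local_phys: 0'
SAMPLE_LOG='00:00:00.000007 rule 5/0(match): block in on bridge0: 192.168.0.50.58785 > 192.168.0.1.53: 30438+ A? wpad.home.lan. (31)
00:00:01.000100 rule 5/0(match): block in on bridge0: 192.168.0.51.40000 > 192.168.0.1.53: 1+ A? example.org. (29)
00:00:02.000000 rule 12/0(match): pass in on em0: 203.0.113.5.443 > 198.51.100.7.51000: tcp 0'

# tunable NAME TEXT: value of net.link.bridge.NAME in `sysctl` output.
tunable() {
  printf '%s\n' "$2" | awk -F': *' -v k="net.link.bridge.$1" '$1 == k { print $2 }'
}

# filter_point TEXT: where filtering is enabled according to the two tunables.
filter_point() {
  b=$(tunable pfil_bridge "$1"); p=$(tunable pfil_local_phys "$1")
  case "$b$p" in
    10) echo bridge ;;        # bridge interface filtered (the reply's setup)
    11) echo bridge+phys ;;   # plus physical NICs for locally destined packets
    01) echo phys ;;
    00) echo none ;;
    *)  echo unknown ;;       # a tunable is missing from the input
  esac
}

# blocked_rules LOG: "COUNT IFACE rule N" for every inbound block in the log.
blocked_rules() {
  printf '%s\n' "$1" | awk '
    match($0, /rule [0-9]+\/[^ ]* block in on [^ :]+/) {
      split(substr($0, RSTART, RLENGTH), f, " "); split(f[2], r, "/")
      hits[f[6] " rule " r[1]]++
    }
    END { for (k in hits) print hits[k], k }' | sort
}

# diagnose SYSCTL LOG: tie each blocking rule to the interface being filtered.
diagnose() {
  point=$(filter_point "$1")
  blocked_rules "$2" | while read -r n ifc word rule; do
    case "$ifc:$point" in
      bridge*:bridge*) echo "$ifc: rule $rule blocked $n packets; pf filters on the bridge, so allow rules belong on the interface assigned to $ifc" ;;
      *) echo "$ifc: rule $rule blocked $n packets; filter point is $point, check where the rules are attached" ;;
    esac
  done
}

diagnose "$SAMPLE_SYSCTL" "$SAMPLE_LOG"
```

On the firewall itself, the first argument would be the output of `sysctl net.link.bridge` and the second the lines shown by console option 10.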