my apologies if this was answered anywhere, but I couldn't find my specific issue.
I'm attempting to install OPNSense as an edge router between 2 public IP Address Spaces (like an ISP router)
There are a few firewalls on the LAN side of the OPNSense.
I'm using OPNSense to block access to my "LAN" devices from known bad IP lists (TOR/CI Army, etc.)
I'm using Floating rules and it is working fine in this manner,
I have a few devices that I monitor on the internet via SNMP, and I cannot reach them.
is it possibly a default rule blocking SNMP out to the internet, and is there a way to override this?
or maybe it's double NAT
Quote from: MrLee on March 20, 2024, 04:38:19 PM
is it possibly a default rule blocking SNMP out to the internet
No.
Quote from: MrLee on March 20, 2024, 04:38:19 PM
or maybe it's double NAT
If you use OPNsense as a data centre firewall with only public addresses you should disable NAT entirely, IMHO.
will the block rules still work?
that's my main reason for switching from the router I had.
Quote from: MrLee on March 20, 2024, 05:36:22 PM
will the block rules still work?
Block rules and allow rules work entirely independent from NAT like in any decent firewall.
I will try during off hours tonight.
thanks for the advice.