I have a few VLANs in my homelab that need to be able to reach the internet (diagram is in the attachment)
My test "server" VLAN is sitting behind a router that is NOT my OPNsense box. I created a transit VLAN between that router and my OPNsense firewall. I put in the correct route back to the 192.168.130.0 network through the 172.16.0.2 gateway in the transit network (otherwise no ping reply), and I have opened up the firewall to allow this traffic to go anywhere when originating from the transit network.
When I put a network client into my 192.168.130.0 subnet, I can ping the default gateway in that subnet (192.168.130.1), and I can ping the firewall interface of the transit subnet I created (172.16.0.1).
However, a host in 192.168.130.0/25 cannot reach (not even ping) the internet. The firewall log shows traffic is allowed to pass, but I don't get a ping reply.
Any other network I created that is "directly" attached to the OPNsense FW works flawlessly (e.g. the services network).
Am I missing a route or default gateway somewhere? Is it because the 192.168.130.0 network is not "known" to OPNsense?
(PS: I'm not a routing specialist, I'm a hobbyist, so do bear with me when I ask something stupid.)
Do you have NAT created for that network in order to reach public destined addresses?
Regards,
S.
NAT is set to "Automatic outbound NAT rule generation".
Perhaps a manual NAT rule needs to be created?
Yes. Automatic takes care of directly connected interfaces only.
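The point in the reply above (automatic outbound NAT only covers networks directly attached to the firewall, so a subnet that is only reachable via a static route through a transit network gets no NAT entry) can be checked mechanically. The script below is an added example and is not part of the thread or of OPNsense itself: it takes a constructed inventory of interface addresses and static routes modelled on the topology described in the question (the interface names, the WAN address 203.0.113.2/24 and the services subnet 192.168.120.0/24 are assumptions, as OPNsense does not expose a `INTERFACES` dict like this), rebuilds the set of source networks that automatic outbound NAT would cover, and lists every routed subnet that still needs a manual (hybrid-mode) outbound NAT rule. It also checks that each static route's gateway actually lives on a directly connected network, which is the other half of the "route back to 192.168.130.0" requirement.

```python
from ipaddress import ip_network, ip_address

# Constructed sample inventory (assumed values, not exported from a real OPNsense box).
# Interface name -> address/prefix as configured on that interface.
INTERFACES = {
    "wan": "203.0.113.2/24",        # assumed public-side address
    "services": "192.168.120.1/24", # assumed directly attached "services" VLAN
    "transit": "172.16.0.1/30",     # transit VLAN towards the second router (from the thread)
}

# Static routes: (destination network, next-hop gateway), as in the thread.
STATIC_ROUTES = [
    ("192.168.130.0/25", "172.16.0.2"),
]


def directly_connected(interfaces):
    """Map each interface to the network its configured address belongs to."""
    return {name: ip_network(addr, strict=False) for name, addr in interfaces.items()}


def automatic_nat_sources(interfaces, wan="wan"):
    """Source networks that 'Automatic outbound NAT rule generation' covers:
    every directly connected network except the WAN itself."""
    nets = directly_connected(interfaces)
    return sorted((net for name, net in nets.items() if name != wan), key=str)


def gateway_interface(gateway, interfaces):
    """Return the interface whose connected network contains the gateway,
    or None if the gateway is not reachable on any connected network
    (such a static route would never be installed correctly)."""
    gw = ip_address(gateway)
    for name, net in directly_connected(interfaces).items():
        if gw in net:
            return name
    return None


def missing_outbound_nat(interfaces, routes, wan="wan"):
    """Routed subnets that are NOT inside any automatically NATed network and
    therefore need a manual outbound NAT rule (hybrid or manual mode)."""
    auto = automatic_nat_sources(interfaces, wan)
    missing = []
    for dst, _gw in routes:
        net = ip_network(dst)
        if not any(net.subnet_of(a) for a in auto):
            missing.append(net)
    return missing


def report(interfaces=INTERFACES, routes=STATIC_ROUTES, wan="wan"):
    """Human-readable summary of what the checks found."""
    lines = []
    for dst, gw in routes:
        via = gateway_interface(gw, interfaces)
        state = f"gateway on '{via}'" if via else "gateway NOT on a connected network"
        lines.append(f"route {dst} via {gw}: {state}")
    for net in missing_outbound_nat(interfaces, routes, wan):
        lines.append(
            f"manual outbound NAT needed on '{wan}' for source {net} "
            f"(not covered by automatic rules)"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Running it on the constructed inventory flags 192.168.130.0/25 as needing a manual outbound NAT rule while confirming the route's gateway sits on the transit interface; adding an interface that is itself in 192.168.130.0/25 makes the warning disappear, which mirrors why the OP's directly attached VLANs worked without any extra rule.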
Thanks to both of you. I switched to hybrid mode for NAT and added a manual rule for the 192.168.130.0 network.
Works now :-)
Great,
please adjust your topic subject with [SOLVED] in front of it ;)
Regards,
S.