I am currently using version 25.1.3 and have added a new Ethernet interface for a second LAN (L2).
While the new interface is configured and enabled, devices on L2 CANNOT access the internet. However, they CAN communicate with devices on the first LAN (L1). It appears that I need to add a specific firewall rule to resolve this issue.
Here are additional images of the settings: https://imgur.com/a/qDgix5G
NAT rules: https://imgur.com/a/Ah81Yfn
Check the outbound NAT. If it's in automatic or hybrid mode OPNsense should have a rule to the new subnet.
If the rule is missing you need to add it manually and select the hybrid mode to enable it.
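As an added example that is not part of the reply above or of OPNsense itself, the following script turns that check into something you can run in a shell on the firewall: it reads the live NAT rules from `pfctl -sn` (or a string you pass in) and reports which LAN subnets have no outbound NAT rule on the WAN interface. The interface names (igb0 for WAN), the subnets, and the sample rule text are assumptions made for illustration; the rule format follows what pf prints for OPNsense's automatic outbound NAT rules.

```sh
#!/bin/sh
# Added example, not from the thread: check whether the live pf ruleset on
# OPNsense has an outbound NAT rule for each LAN subnet. Interface names
# (igb0 = WAN) and subnets are assumptions made for illustration.

# Constructed sample of `pfctl -sn` output in automatic outbound NAT mode.
# LAN1 (192.168.1.0/24) has rules; LAN2 (192.168.2.0/24) does not.
SAMPLE_NAT_RULES='nat on igb0 inet from 127.0.0.0/8 to any port = isakmp -> (igb0:0) static-port
nat on igb0 inet from 127.0.0.0/8 to any -> (igb0:0) port 1024:65535
nat on igb0 inet from 192.168.1.0/24 to any port = isakmp -> (igb0:0) static-port
nat on igb0 inet from 192.168.1.0/24 to any -> (igb0:0) port 1024:65535'

# has_outbound_nat WAN_IF SUBNET [RULES]
# Exit 0 when RULES contains an outbound NAT rule on WAN_IF for SUBNET.
# RULES defaults to the live ruleset from `pfctl -sn` (needs root on the box).
has_outbound_nat() {
    wan_if=$1
    subnet=$2
    rules=${3:-$(pfctl -sn 2>/dev/null)}
    # Fixed-string match so the dots and slash in the subnet are literal.
    printf '%s\n' "$rules" | grep -qF -- "nat on $wan_if inet from $subnet to any -> "
}

# missing_outbound_nat WAN_IF RULES SUBNET...
# Print each SUBNET that lacks an outbound NAT rule; exit 1 if any is missing.
missing_outbound_nat() {
    wan_if=$1
    rules=$2
    shift 2
    rc=0
    for subnet in "$@"; do
        if ! has_outbound_nat "$wan_if" "$subnet" "$rules"; then
            printf 'missing outbound NAT on %s for %s\n' "$wan_if" "$subnet"
            rc=1
        fi
    done
    return $rc
}

# Run against the constructed sample: reports 192.168.2.0/24 as missing.
if missing_outbound_nat igb0 "$SAMPLE_NAT_RULES" 192.168.1.0/24 192.168.2.0/24; then
    echo "all subnets have outbound NAT"
fi
```

On a real box, call `missing_outbound_nat igb0 "$(pfctl -sn)" 192.168.1.0/24 192.168.2.0/24` as root with your own WAN interface and subnets. If LAN2 is reported as missing, that matches the reply above: add the rule manually and switch outbound NAT to hybrid mode so it takes effect. If both subnets are covered, NAT is not the problem and the next checks (gateway, DNS) apply.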
Thanks so much. Here is the screenshot of the NAT outbound rules. Looks like both interfaces have that rule enabled.
I am stumped for sure!
One difference between both interfaces is that the non-working one has no IPv6 configuration.
I'm not sure how that interacts with the 2 gateways we see in the FW rules.
Some useful information here for IPv6: https://forum.opnsense.org/index.php?topic=45822.0
Thanks for the guide, EricPerl.
I am also not sure if absence of IPv6 affects or should affect the firewall in any way.
For all we know, you are getting internet connectivity via IPv6 on LAN.
You could look at your existing traffic to confirm... It's not that hard using the FW live view (in on LAN, out on WAN, same destination).
Or you could turn off IPv6 on LAN so that the configurations are more similar.
I see 2 differences:
- for LAN1 there are two 'allow all' rules, one for IPv4 and one for IPv6. But that should not matter at all
- the device for LAN2 is 'ue0', that's a USB Ethernet NIC? They are known to be unreliable. But still, if you can access LAN1 it does seem to work
Can you ping 1.1.1.1 from a LAN2 client? Maybe it's just DNS that is not working for LAN2? If you're using Unbound on OPNsense, is it set to listen on all interfaces?