OPNsense Forum

English Forums => 25.7, 25.10 Legacy Series => Topic started by: maelkoth72 on May 05, 2026, 10:15:59 PM

Title: Adding VLAN and automatic config generation
Post by: maelkoth72 on May 05, 2026, 10:15:59 PM
Hi All!

Trying to keep it short. Today I added VLANs to my existing OPNsense router/firewall and after the initial setup, I faced two issues: I would not get DHCP responses on the VLAN and the VLAN could not reach the Internet.
After investigation and debugging, it turned out that I needed to manually add a firewall rule to allow incoming traffic on the VLAN interface (that made DHCP work). Internet access required adding an outbound NAT rule, which required switching to "Hybrid outbound NAT rule generation" first.

So things are working now. However, I asked myself if I might have missed some checkbox to tick :)

During initial installation of OPNsense I cannot remember having had to do any such "manual" setup. And there are automatic firewall rules generated as well as automatic outbound NAT rules. All is "just working" automagically.

So have I maybe missed selecting some checkbox when creating the VLAN devices/interfaces? Or is this simply not covered by any automation?

Thanks in advance!

PS: I am not complaining about having to do manual setup, only wondering if I missed something.
Title: Re: Adding VLAN and automatic config generation
Post by: Seimus on May 06, 2026, 10:00:49 AM
The out-of-the-box default works for only a single LAN (it can be disabled as well).
This is done so new users have access to the internet. The default any/any allow applies only to the 1st LAN interface.

Any subsequent interface you create needs to have a manually added rule. This is expected and by design.

With regard to Source NAT (outbound), if it's on Automatic, any new interface should be added to the Automatic Rule. But this will happen only if the rule is automatic. If you have had it on Auto, maybe the interface was just not loaded properly in there; hitting the apply button under the rules should reload the config and put it in there.

Anyway, best practice is always to create your rules manually for both Firewall rules and NAT rules.

Regards,
S.
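
The behaviour discussed in this thread can be checked against a configuration backup. The following is an added example, not part of either post and not OPNsense project code: it lists interfaces that have no enabled pass rule and reports the outbound NAT mode. The element names (`interfaces`, `filter/rule`, `nat/outbound/mode`) are an assumed legacy `config.xml` layout, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumed legacy config.xml layout.
SAMPLE_CONFIG = """
<opnsense>
  <interfaces>
    <wan><if>igb0</if><descr>WAN</descr></wan>
    <lan><if>igb1</if><descr>LAN</descr></lan>
    <opt1><if>vlan0.20</if><descr>IOT</descr></opt1>
    <opt2><if>vlan0.30</if><descr>GUEST</descr></opt2>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>lan</interface></rule>
    <rule><type>block</type><interface>opt1</interface></rule>
    <rule><type>pass</type><interface>opt2</interface><disabled>1</disabled></rule>
  </filter>
  <nat><outbound><mode>hybrid</mode></outbound></nat>
</opnsense>
"""

def audit(config_xml, skip=("wan",)):
    """Return interfaces lacking an enabled pass rule, plus the outbound NAT mode."""
    root = ET.fromstring(config_xml)
    allowed = set()
    for rule in root.findall("./filter/rule"):
        # Block/reject rules and disabled rules do not admit any traffic.
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        # A rule may name several interfaces separated by commas.
        for name in (rule.findtext("interface") or "").split(","):
            allowed.add(name.strip())
    no_pass = []
    interfaces = root.find("./interfaces")
    for iface in (interfaces if interfaces is not None else []):
        if iface.tag in skip or iface.tag in allowed:
            continue
        no_pass.append((iface.tag, iface.findtext("descr") or "",
                        iface.findtext("if") or ""))
    # None means the mode element is absent from the file.
    mode = root.findtext("./nat/outbound/mode")
    return {"no_pass_rule": no_pass, "outbound_nat_mode": mode}

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for key, descr, dev in report["no_pass_rule"]:
        print(f"{key} ({descr}, {dev}): no enabled pass rule, inbound traffic is dropped")
    print("outbound NAT mode:", report["outbound_nat_mode"])
```

An interface reported here receives no DHCP answers and has no Internet access until a pass rule is added, which matches the symptoms in the first post.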