OPNsense Forum

English Forums => General Discussion => Topic started by: myksto on March 22, 2018, 09:11:35 am

Title: Default Gateway for WAN and Automatic Outbound NAT
Post by: myksto on March 22, 2018, 09:11:35 am

Hi.
Here's my OPNSense 18.1.5 configuration (ip are not real of course):

• WAN: public ip 88.40.191.10/29
• LAN: 192.168.59.0/24
• DMZ: 192.168.10.0/24

GW is a Huawei router whose address is the first available public address of my public pool: 88.40.191.9/29.
I inserted the GW ip address as the default GW in OPNSense gateways.
WAN cable of OPNSense is plugged in a port ot the Huawei router.
OPNSense WAN ip and Huawei router ip are in the same public subnet (/29) of course.

Well I found these strange behaviours (or better I think there're strange but maybe they're not):
if I ADD the "upstream gateway" (Huwaei router IP) in WAN interface OPNSense can't reach that gateway so no internet connection can be established, nothing at all.
if I DON'T ADD add the "upstream gateway" in WAN interface OPNSense can reach the gateway but noone in private networks can surf because the automatic OUTBOUND NAT rules are empty. If I manually add my private networks in OUTBOUND NAT everything is fine.

My questions are:

• why my GW is unreachable if I add it in upstream gateway of the WAN interface? I mean, is it not correct to insert it there?
• Why no outbound nat rule are automatically created if no upstream gw is set on WAN?
• What is the default/correct practise in these cases?

Thanks a lot, Michele.