Messages - JRC

#16
Quote: and no idea if there are issues with your alias...

Here it is. There are two host IPs because one is for the wireless interface and one is for the wired interface. For now I am not using the wireless interface at all.

Alias:
Nintendo_Switch   Host(s)       172.17.197.200,172.17.197.201


Quote: have set up the outbound rule like yours except for:

Translation/target: WAN address

I'll give that a try and see how it goes.

Thanks for the help.
#17
General Discussion / opnSense and Nintendo switch
June 02, 2020, 02:48:29 AM
I have set up OPNsense and I am having a hell of a time getting the switch to work reliably when connecting to other players (Animal Crossing is the game in question, don't really have any other online multiplayer games yet).

The switch is:

  • on its own VLAN
  • wired into the network
  • being handed its own static reserved IP from my DHCP/DNS server (not OPNsense)
  • verified that it has the correct IP assigned to it
  • connected to the internet just fine (it can update software and passes all the internet tests)
  • on a VLAN interface that has the correct firewall rules to allow all traffic from it to the WAN interface, but to block any traffic from it to my other VLANs.
  • told to forget all wireless networks, so the LAN connection is its only option for a connection.
  • set to connect automatically
  • set to use an MTU of 1500

I did an internet test and got a NAT score of D. So I did the research and discovered that I need to set the OPNsense box to a hybrid NAT setup, then create a rule for the switch with a static port (the settings for which are below). This took the score to a B. But I still cannot connect to other players. The game will connect to the internet, locate the other players, send me over to them, and then just before I land it will tell me that there was an internet problem and disconnect.

So I did more research and discovered I can set up UPnP for that VLAN and that specific client, so I did that (settings used are below). Set that up to just work on the VLAN the switch is on, deny by default but allow ports 45000-65535 to be mapped to the switch IP. Rebooted the switch and tried again, still no luck (I also note that in the Status of the UPnP module no connection shows up).

I have no idea where to go from here. I am reasonably sure that the NAT rule is working and that this is not a firewall rule issue, though I am unsure whether the UPnP rule is working or not (it shows no sessions in the Status section).

Please help me before I end up throwing my 11yo out the window of a moving car as she won't stop complaining about this issue.

My NAT rule is as follows:

  • Disabled: Unchecked
  • Do Not NAT: Unchecked
  • Interface: WAN
  • TCP/IP Version: IPv4
  • Protocol: Any
  • Source Invert: Unchecked
  • Source Address: Nintendo switch (an alias to the switch's IP)
  • Source Port: Any
  • Destination Invert: Unchecked
  • Destination Address: Any
  • Destination Port: Any
  • Translation/Target: Interface Address
  • Log: Unchecked
  • Translation/port: Blank
  • Static port: Checked
  • Pool Options: Default

The remaining fields are all blank (Set Local Tag, Match Local Tag, No XMLRPC Sync and Description).

The UPnP settings are:

  • Enabled: Checked
  • Allow UPnP Port Mapping: Checked
  • Allow NAT-PMP Port Mapping: Checked
  • External Interface: WAN
  • Interfaces: Vlan of the switch
  • Max Down: Blank
  • Max Up: Blank
  • Override WAN Address: Blank
  • Log NAT-PMP: Checked (Where is this logged?)
  • Use System Time: Checked
  • Default Deny: Checked
  • Entry 1: allow 45000-65535 <switch IP> 45000-65525

Everything else is blank.

Physical layout is:

Internet ------- Netgear Cable Modem -------- opnSense (VLAN 197) -------- Cisco 3560x ---------- Switch

And if it is relevant, I am on Comcast, with their 1 Gb/s internet service.
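The UPnP "Default Deny" plus one allow entry described above is a small access-control list, and it is worth seeing how miniupnpd (the daemon behind the OPNsense UPnP plugin) applies such lists: entries are checked top-down, the first match decides, and a request matching no entry is accepted unless a deny-all entry follows, which is what the Default Deny checkbox adds. The script below is an added example written for this page, not code from the post or from OPNsense; the addresses, the ACL text and the `parse_acl`/`evaluate` names are constructed for illustration, and the "Default Deny" behaviour is modelled as a trailing deny-all entry.

```python
"""Decide UPnP/NAT-PMP mapping requests against miniupnpd-style ACL
entries: top-down, first match wins.  The OPNsense "Default Deny"
checkbox is modelled as a trailing deny-all entry.

Constructed example: addresses and entries are sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class AclEntry:
    action: str                       # "allow" or "deny"
    ext_ports: Tuple[int, int]        # external (WAN) port range, inclusive
    network: ipaddress.IPv4Network    # internal hosts the entry applies to
    int_ports: Tuple[int, int]        # internal (LAN) port range, inclusive
    text: str                         # original line, kept for reporting


def _parse_range(text: str) -> Tuple[int, int]:
    """'45000-65535' -> (45000, 65535); a bare '8080' -> (8080, 8080)."""
    lo, _, hi = text.partition("-")
    low, high = int(lo), int(hi or lo)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return low, high


def parse_acl(lines: List[str]) -> List[AclEntry]:
    """Parse 'allow|deny <ext-range> <ip|cidr> <int-range>' lines.

    A bare address such as 172.17.197.200 is treated as a /32 network.
    Blank lines and '#' comments are ignored.
    """
    entries: List[AclEntry] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            raise ValueError(f"malformed ACL entry: {raw!r}")
        action, ext, host, internal = fields
        entries.append(AclEntry(action, _parse_range(ext),
                                ipaddress.IPv4Network(host, strict=False),
                                _parse_range(internal), line))
    return entries


def evaluate(acl: List[AclEntry], ext_port: int, int_ip: str, int_port: int,
             default_deny: bool = True) -> Tuple[bool, str]:
    """Return (permitted, reason) for one requested port mapping."""
    addr = ipaddress.IPv4Address(int_ip)
    for entry in acl:
        if (entry.ext_ports[0] <= ext_port <= entry.ext_ports[1]
                and addr in entry.network
                and entry.int_ports[0] <= int_port <= entry.int_ports[1]):
            return entry.action == "allow", entry.text
    # Nothing matched: accepted unless a deny-all entry (Default Deny) follows.
    if default_deny:
        return False, "default deny"
    return True, "no entry matched (accepted by default)"


def allows_privileged_ports(acl: List[AclEntry]) -> List[str]:
    """Hardening check: allow entries that expose external ports below 1024."""
    return [e.text for e in acl if e.action == "allow" and e.ext_ports[0] < 1024]


# Constructed sample: one allow entry for a single console IP (as in the
# post's "Entry 1"), with Default Deny behind it.
SAMPLE_ACL = parse_acl([
    "# console on the wired interface (sample address)",
    "allow 45000-65535 172.17.197.200 45000-65535",
])


if __name__ == "__main__":
    for req in [(50000, "172.17.197.200", 50000),   # in range, covered host
                (50000, "172.17.197.201", 50000),   # same range, other host
                (8080, "172.17.197.200", 8080)]:    # port outside the range
        ok, why = evaluate(SAMPLE_ACL, *req)
        print(f"{req}: {'ALLOW' if ok else 'DENY'} ({why})")
```

Two things the run shows that the settings list alone does not: an entry written for one host address does not cover a second address the same device may use on another interface (the alias in the reply above lists two), and without the Default Deny entry a request that matches nothing is accepted rather than refused, so that checkbox is doing real work.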
#18
It really helps if your switch knows about the VLANs you are trying to create. The issue was on my Cisco switch, I completely forgot to tell it about VLAN50.

It all works as expected now.
#19
Hi there,

I am running OPNsense 20.1.6-amd64 and have been working on segmenting my network into some VLANs. Everything is working great except for just one VLAN. For some reason I cannot get traffic to leave VLAN 50, even though the firewall rules are set up identically to other (working) VLANs.

The rules look like this:

        Proto   Source               Port  Destination      Port  Gateway  Schedule  Description
        IPv4 *  *                    *     100_Servers net  *     *        *
        IPv4 *  50_VoiceNetwork net  *     RFC1918          *     *        *         Block all private IP space
        IPv4 *  50_VoiceNetwork net  *     *                *     *        *         Default allow LAN to any rule

The goal is for this VLAN to have internet access and access to my server VLAN and no others; the RFC1918 alias refers to the private IP space, and it is there to block traffic to other VLANs. This exact rule set works just fine on other VLANs, exactly as expected. But even when I disable the top 2 rules I still can't get traffic to leave the VLAN.

Nothing comes up in the firewall live view, and I can ping other clients on the VLAN in question (but not the OPNsense VLAN interface, or anything beyond it).

So I am completely stumped. I have gone through and checked and rechecked the VLAN setup, the interface setups etc., and as near as I can tell it is identical to the others, but it just won't pass the traffic.

Any ideas on where else I can check to get an idea of what's going on here?

Thanks,
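The three-rule pattern in this post (allow to the server VLAN, block everything in RFC1918, then allow anything) only works because OPNsense rules are "quick" by default: the first rule a packet matches decides, and later rules are never consulted. The script below is an added example written for this page, not the poster's configuration or OPNsense code; the subnets behind the alias names are constructed sample values, and the pass/block action of each rule is taken from its description since the action icons did not survive the copy. It evaluates a few destinations against the rule set as quoted and again with the server allow moved below the RFC1918 block, which shows why the order matters. Separately, a rule set can only act on frames that reach the interface: when the live view shows nothing at all, as here, the traffic is usually not arriving, which is what the switch-side VLAN fix in the follow-up post above turned out to be.

```python
"""First-match evaluation of an OPNsense interface rule set.

Rules are "quick" by default: the first matching rule decides, and a
packet matching no rule hits the implicit default deny.

Constructed example modelled on the three quoted rules; subnets are
sample values and pass/block actions are inferred from the descriptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

Net = ipaddress.IPv4Network

# Aliases and interface networks as the rule set names them (sample values).
ALIASES: Dict[str, List[Net]] = {
    "50_VoiceNetwork net": [Net("172.17.50.0/24")],
    "100_Servers net": [Net("172.17.100.0/24")],
    "RFC1918": [Net("10.0.0.0/8"), Net("172.16.0.0/12"), Net("192.168.0.0/16")],
}


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    source: str          # alias / interface network name, or "*" for any
    destination: str
    description: str = ""


def _selects(selector: str, addr: ipaddress.IPv4Address) -> bool:
    """True when the address is inside the named alias, or the selector is '*'."""
    if selector == "*":
        return True
    return any(addr in net for net in ALIASES[selector])


def evaluate(rules: Sequence[Rule], src: str, dst: str) -> Tuple[str, Optional[Rule]]:
    """Return (action, matching rule); ("block", None) is the default deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for rule in rules:
        if _selects(rule.source, s) and _selects(rule.destination, d):
            return rule.action, rule
    return "block", None


# The quoted rule set, top to bottom.
VLAN50_RULES: List[Rule] = [
    Rule("pass", "*", "100_Servers net"),
    Rule("block", "50_VoiceNetwork net", "RFC1918", "Block all private IP space"),
    Rule("pass", "50_VoiceNetwork net", "*", "Default allow LAN to any rule"),
]

# The same rules with the server allow moved below the RFC1918 block.
MISORDERED_RULES: List[Rule] = [VLAN50_RULES[1], VLAN50_RULES[0], VLAN50_RULES[2]]


def policy_summary(rules: Sequence[Rule], src: str,
                   dests: Sequence[str]) -> Dict[str, str]:
    """Evaluate one source address against several destinations."""
    return {dst: evaluate(rules, src, dst)[0] for dst in dests}


if __name__ == "__main__":
    phone = "172.17.50.20"                              # a host on VLAN 50 (sample)
    targets = ["8.8.8.8", "172.17.100.5", "192.168.1.10"]
    print("as quoted: ", policy_summary(VLAN50_RULES, phone, targets))
    print("misordered:", policy_summary(MISORDERED_RULES, phone, targets))
```

With the rules as quoted, the server VLAN is reachable because its allow sits above the RFC1918 block; move that allow one line down and the same packet is caught by the block first, since 172.17.100.0/24 lies inside 172.16.0.0/12. The empty result for a host that matches no rule at all is the implicit default deny, which is logged on OPNsense only when "Log packets matched from the default block rules" is enabled.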