24.1 Legacy Series / Second router behind OPNSense without SNAT, return traffic being blocked
« on: February 12, 2024, 07:42:08 pm »
I have a second router inside my opnsense LAN without SNAT. I want to allow bi-directional communication between the two networks without losing source IP address.
My OPNSense IP range is 192.168.10.0/24. My second router's IP is 192.168.10.131. The networks handled by my second router are 100.64.0.0/10. The second router has a gateway set up within opnsense, plus a static route for all traffic going to 100.64.0.0/10 to be routed to that gateway.
I can communicate just fine going from opnsense to 100.x.x.x IP. However, I can't communicate the other way. Looking at the logs, I see that requests are being caught by the default deny rule. Here is a screenshot of the logs: https://i.imgur.com/8fuXLmb.png. This occurs when I try to access 192.168.10.140 from 10.81.208.115, so it looks like the return traffic is being blocked by the firewall.
I've tried adding a floating rule to pass requests between the networks, but no luck. Any advice here would be appreciated.
Edit: Fixed by enabling `Bypass firewall rules for traffic on the same interface`
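Added illustration (not OPNsense or pf code, and not part of the post) of why the default deny rule catches only the return packets and why the bypass setting changes that. It models OPNsense as a pf-style stateful filter with a single LAN interface, the static route 100.64.0.0/10 via 192.168.10.131 from the post, and the host 192.168.10.140 using OPNsense as its default gateway. The client address 100.64.1.10, the interface name "lan" and the pass rule are constructed assumptions; the post's log line used 10.81.208.115, which is not in 100.64.0.0/10, so the routed prefix from the post is used instead.

```python
"""Model of the asymmetric-routing problem from the post (added example, not OPNsense code).

Topology (from the post): OPNsense is the default gateway on 192.168.10.0/24, the
second router is 192.168.10.131 and fronts 100.64.0.0/10, and OPNsense holds a
static route 100.64.0.0/10 -> 192.168.10.131.  Because the second router sits on
the same L2 segment as the LAN hosts, it forwards packets to them directly and
OPNsense only ever sees the replies that the LAN hosts send to their default gateway.
Client address 100.64.1.10, interface name "lan" and the pass rule are assumptions.
"""
from dataclasses import dataclass, field
import ipaddress

LAN_IF = "lan"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str          # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


@dataclass
class StatefulFirewall:
    """Minimal pf-like filter: default deny; a pass rule creates state only on the
    initial SYN (pf's default TCP state tracking), later packets must match state."""
    interfaces: dict                          # name -> directly attached network
    routes: list                              # (network, next_hop_ip)
    bypass_same_interface: bool = False       # "Bypass firewall rules for traffic on the same interface"
    pass_rules: list = field(default_factory=list)   # (src_net, dst_net), both directions
    states: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def egress_interface(self, dst):
        """Resolve the interface a packet to dst leaves on, following static routes."""
        ip = ipaddress.ip_address(dst)
        for name, net in self.interfaces.items():
            if ip in net:
                return name
        for net, next_hop in self.routes:
            if ip in net:
                return self.egress_interface(next_hop)
        return "wan"   # default route; not exercised here

    def _rule_matches(self, pkt):
        s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        return any(s in sn and d in dn for sn, dn in self.pass_rules)

    def handle(self, pkt, in_iface):
        """Return "pass" or "block" for a packet arriving on in_iface."""
        out_iface = self.egress_interface(pkt.dst)
        key, reverse = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if self.bypass_same_interface and out_iface == in_iface:
            verdict = "pass (bypass: routed back out %s, rules skipped)" % in_iface
        elif key in self.states or reverse in self.states:
            verdict = "pass (matched existing state)"
        elif pkt.flags == "S" and self._rule_matches(pkt):
            self.states.add(key)
            verdict = "pass (rule matched SYN, state created)"
        else:
            # A SYN-ACK with no state does not match a stateful pass rule: default deny.
            verdict = "block (default deny)"
        self.log.append((pkt, in_iface, verdict))
        return verdict.split()[0]


def build_firewall(bypass):
    fw = StatefulFirewall(
        interfaces={LAN_IF: ipaddress.ip_network("192.168.10.0/24")},
        routes=[(ipaddress.ip_network("100.64.0.0/10"), "192.168.10.131")],
        bypass_same_interface=bypass,
    )
    # The floating pass rule the poster tried, in both directions (assumed shape).
    lan, remote = ipaddress.ip_network("192.168.10.0/24"), ipaddress.ip_network("100.64.0.0/10")
    fw.pass_rules = [(remote, lan), (lan, remote)]
    return fw


def lan_to_second_router(bypass):
    """192.168.10.140 opens a connection to 100.64.1.10 (the direction that works)."""
    fw = build_firewall(bypass)
    # .140 sends the SYN to its default gateway, so OPNsense sees it and creates state.
    v1 = fw.handle(Packet("192.168.10.140", "100.64.1.10", "S"), LAN_IF)
    # .131 delivers the SYN-ACK straight to .140 on the shared segment; OPNsense never sees it.
    # The ACK from .140 again goes via OPNsense and matches the state.
    v2 = fw.handle(Packet("192.168.10.140", "100.64.1.10", "A"), LAN_IF)
    return [v1, v2]


def second_router_to_lan(bypass):
    """100.64.1.10 opens a connection to 192.168.10.140 (the direction that was blocked)."""
    fw = build_firewall(bypass)
    # .131 forwards the SYN directly to .140: OPNsense is not on that path, so no state exists.
    # Only the SYN-ACK reaches OPNsense, because .140 sends it to its default gateway.
    return fw.handle(Packet("192.168.10.140", "100.64.1.10", "SA"), LAN_IF)


if __name__ == "__main__":
    for bypass in (False, True):
        print("bypass=%s  LAN->100.64: %s  100.64->LAN: %s"
              % (bypass, lan_to_second_router(bypass), second_router_to_lan(bypass)))
```

The model shows why a pass rule alone did not help: the only packet OPNsense sees is a SYN-ACK, and a stateful TCP pass rule creates state from the initial SYN, not from a reply. Enabling the bypass fixes the symptom but also means any traffic OPNsense routes back out the LAN interface (including everything between 192.168.10.0/24 and 100.64.0.0/10) skips the rule set entirely, so filtering between those two networks has to live on the second router. If stateful filtering between them is wanted, take OPNsense out of the asymmetric path instead: give the LAN hosts a static route for 100.64.0.0/10 via 192.168.10.131, or attach the second router to its own OPNsense interface so the traffic is no longer same-interface and both directions pass through the firewall.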