Messages

I realized the issue.
I forgot to enable "IPv4 gateway rules to point to my gateway.

all good now.

I'm running opnSense 26.1.4
I have an internet router that can server DHCP, but would prefer to use a static address so I don't need to worry about the address changing.

when I have the wan connection set to DHCP, the internet works perfectly on the LAN side. ping is good, etc.

when I switch the WAN from DHCP to static with the exact same address the DHCP gave, the internet drops for the LAN.
yes, I have added the default gateway.

If I go to the console of the opnsense router and do "7) ping host" it works fine to any internet address.
it's just the LAN that has lost internet access.

if anyone can help, please and thank you.

I'm using OPNSense as a edge router on my network.
I have to permit most IP Traffic through to allow my devices inside to work.

In my firewall logs I see a lot of DNS Queries hitting my "inside" interface.
is there a way to specifically block this through rules?

my router is not a DNS Server for anything that I need.

I use my OPNSense router on the edge of a corporate network that hosts VPN.  as everyone knows there are large vpn brute force campaigns going on around the world.

when I find an ASN that is guilty of many attempts at a brute force attempt towards our systems, I block the ASN in a BGP ASN alias.  this is becoming very large as you could imagine and I need to manually update multiple routers.

it would be great if there was a way to have an ASN tables list on a server the way the URL Tables (IP) works so i could list all the ASNs that I need in the alias.
this would eliminate me having to touch every device any time I find an ASN that is offending.

I figured out the issue so I figured I'd post the fix.

it appears that IPv6 was trying to do all my DNS requests from the firewall.
the Comcast circuit apparently handles this while the verizon one does not.

after disabling IPv6 on the device, DNS started resolving my aliases and downloading content.

I followed the instructions here to disable IPv6
https://www.reddit.com/r/OPNsenseFirewall/comments/wh6if3/easiest_and_most_complete_way_to_disable_ipv6/

I have 2 identical OPNSense firewalls running on 2 different circuits.
One on a Comcast Circuit  OPNsense 24.1.3-amd64
One on a Verizon Circuit. OPNsense 24.1.4-amd64

I have matched the IP URL Table aliases on each router.

apart from the wan/lan ip addresses and default for each device, they should be identical.

the comcast URL Table (IPs) seem to update regularly.
the Verizon one has never updated and has 0 entries for all of them.

any help or direction would be greatly appreciated. 
is there a way to troubleshoot this?

the verizon device works perfectly as a router, but I need the IP Tables for my firewall rules

I will try during off hours tonight.

thanks for the advice.

will the block rules still work?

that's my main reason for switching from the router I had.

my apologies if this was answered anywhere, but I couldn't find my specific issue.

I'm attempting to install OPNSense as an edge router between 2 public IP Address Spaces (like an ISP router)
There are a few firewalls on the LAN side of the OPNSense.

I'm using OPNSense to block access to my "LAN" devices from known bad IP lists (TOR/CI Army, etc.)

I'm using Floating rules and it is working fine in this manner,

I have a few devices that I monitor on the internet via SNMP, and I cannot reach them. 

is it possibly a default rule blocking SNMP out to the internet, and is there a way to override this?
or maybe it's double NAT