Messages

The interface is an SFP port.
Since I am getting a DHCP address on the client, and I can see traffic coming from the client to the firewall, and in live view I can see the packet arriving at the firewall and passing the allow all out rule, it seems like basic connectivity is up.

I've attached a screen shot for both the existing LAN interface and the new SFP interface.

I also attached a packet capture from the firewall showing traffic coming from the client machine with a ping that is not responded to.
Thanks for any thoughts!

I did a package capture and I see all the traffic originating on from my test system. I don't see any traffic headed out from the firewall to the test system.

I'm missing something obvious here, but I can't figure out what it is!

Also, I've deleted the extra rules allowing ping, since the allow all from the lan covers ping.

Hey Eric,

Thanks for the info. I was unaware of how the logging was working, so that's helpful. I will do some packet captures to get a better picture.
The intent of the rule was to allow all traffic outbound on the new lan interface (SFP1), and it looks like it's doing that.

I still haven't figured out why traffic appears to make it to the rules, pass the outbound rules, but nothing returns.

DHCP sits between layer 2 (network) and layer 3 (IP). You can't have more than one DHCP server per (broadcast) network. Additionally when you add an interface to OPNsense (e.g. OPT1), it is seen as a separate network and no default firewall rules are created for it.

You essentially have three options:
- Leave your networking to your switch infrastructure and only have one OPNsense LAN interface
- Separate your network into security zones, each with their own IP subnet and DHCP (what @EricPerl hinted at)
- Create a bridge on OPNsense for your LAN interfaces

Bart...

Thanks for the reply Bart!
I'm trying to do option 2 above - I have separate address ranges for each interface, and dhcp is correctly handing out addresses on each segment.
I have added the following default rules to the new optical interface:
- allow ping to the firewall addresses
- allow any outbound traffic to the wan interface

Watching liveview, I can see pings are getting to the ICMP rule, but not receiving a reply. I also see DNS queries hitting the outbound traffic rule and passing, but no reply traffic.

I have NAT set to hybrid.

I'm not sure what I've got wrong here!  Thanks again for the help!

Any clue in the FW live view?
New IP range not overlapping with another, right?

current lan segment is 192.168.2.0/24
new segment is 192.168.4.0/24

interesting - live view shows dns queries matching on the allow everything outbound rule.

Hey -
I'm new to Opnsense, coming from a Fortinet background.
I'm adding a new optical interface for a lan switch. I've got it set up with DHCP dishing out addresses as expected.
I've tried to add firewall rules to allow pinging the firewall, and a rule to allow all outbound access.
I done a packet capture on the interface as I ping the firewall. I see the inbound ping, but no response.
I suspect I've done something stupid with my rules.
Can you guys take a peak and see if you see something obvious?