Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - HighFive

Pages1
#1
25.7, 25.10 Series / What's wrong with my idea of dnsmasq internal and Unbound for external?
December 10, 2025, 09:22:00 PM
Hi,

Everybody seems to do it another way around. My intuition and idea would be that dnsmasq would serve as the dhcpd and also resolve internal dns queries (as internal dns). Outbound, however, would be the "upstream" dns server and would listen (in internal lan) in port 5553 and do the resolving for external addresses,

Am I missing something important? Why would this be stupid/subpar, since everyone seems to be doing it another way around?

I'm currently still running  25.1.9_2-amd64.

Thanks
#2
25.1, 25.4 Series / "Traffic showing as "let out anything from firewall host itself" - NAT/fw Q?
June 25, 2025, 11:36:19 PM
rule order question

Just started with OPNsense and have a question about firewall rule matching and logging.

Setup:

  • NAT + IPv4 only
  • Swapped physical interfaces to match actual LAN/WAN
  • Changed internal network to 192.168.0.0/24 with OPNsense at .1 as default gateway
  • Everything functions correctly

Issue/Question:
Most (if not all) outbound traffic from internal LAN clients is matching the automatic rule "let out anything from firewall host itself (force gw)" or "let out anything from firewall host itself". In the live log view, source address always shows the WAN IP even though I know the traffic originates from LAN clients.

I understand NAT rules are processed before firewall rules, but want to confirm this behavior is normal. Since outbound traffic passes by default anyway, it would be preferable to see the internal LAN IPs as source rather than the OPNsense IP address in the logs.

Questions:

  • Is this setup correct, or did I misconfigure something during the interface swap and network change?
  • Should I have modified firewall rules manually after these changes?
  • Is there a way to log the original LAN source IPs instead of the NATed WAN IP?


Current status:

  • Everything works fine functionally
  • Dashboard shows ~90% of traffic hitting "let out anything from firewall host" rule
  • Live log (DNS filtered) shows this rule being triggered constantly when clients access internet

Any guidance on whether this is expected behavior or if I need to adjust my configuration would be appreciated.
Pages1