Messages - EricD

#1
Thank you for the question about the multi-wan.  That, along with other posts, finally got my attention to what appears to be the detail I needed to update.

The rule for the WAN interface where the external connection was allowed in had to have "Reply-To" set to the WAN interface.  Once I made that change, the issue appears to be fixed (needs more testing, but it appears to work at the moment).


NOTE: I have my Destination NAT set to where I need to manually make the rules ("Manual").  HOWEVER, in attempting to fix this issue, I did also try "PASS" and "Register rule", both of which should have theoretically fixed this problem if OPNsense was setting its own rules appropriately -- but it did not.  It did not work until I manually changed the rule and set the Reply-To option.
#2
I did have the old rules converted over to the new during the upgrade and had the upgrade process delete the old rules.

I only have one WAN, but do have a semi-permanent VPN that goes through that WAN and is used as the external interface for a couple of internal networks.  So there are multiple gateways.
#3
I was a couple major versions behind, and went through many update/upgrades to get to the newest version.

Destination NAT was working correctly before the upgrade.  Afterwards, it no longer works.

Some details I found that I believe are important:
  1) Destination NAT actually works for a few moments after a full reboot, but then stops working.
  2) Logging shows that the Destination NAT entries, and relevant firewall rules, all trigger and allow passage inward as the requests come in from an external source.
  3) I find no mention of anything being blocked in the logs.

What could the issue be?  What should I be looking at that may be causing the issue?