Hi,
Working my way through configuring a new OPNsense device, and I've run into an issue I can't figure out how to debug.
I have 6 ports on my device - 1 is for wan, 4 of them are bridged, and the 6th is a "normal" interface.
The 4 bridged ports are my internal network 192.168.10.0/24.
The other port that isn't a wan is a guest network 192.168.20.0/24.
As far as I can tell, I've managed to set up the firewall properly, so that guest has access to the dns/dhcp on the router, and it gets routed to wan. But it does NOT have access to my internal network. Which is what I want.
However, I would like to be able to access a device on the guest network (an access point) from the internal network - and I simply get a timeout trying to make that connection.
When I view the firewall live view - I can specifically see traffic being allowed. Yet, I simply get a timeout. And I cannot see any deny rule.
For example, when I try to make a curl request, from internal (LAN Bridge) to guest (LAN6), I see the request, and the response, both being approved.
LAN6 <- 2024-12-12T01:31:51-06:00 192.168.10.20:38070 192.168.20.3:80 tcp let out anything from firewall host itself
LANBridge -> 2024-12-12T01:31:51-06:00 192.168.10.20:38070 192.168.20.3:80 tcp allow lan to any
It's like the traffic is approved coming off the guest lan, but then is just lost, rather than routed back to the internal lan.
What could I be doing wrong? How can I debug this? It doesn't seem to be the firewall blocking it, it seems to be a routing problem.
Thanks for any advice.