OPNSense behind ISP Modem; all traffic blocked

Started by malchir, April 22, 2019, 07:57:45 PM

Hello all,

I have the following setup:

Internet -- ISP modem -- OPNSense -- L3 switch

ISP modem - OPNSense subnet : 192.168.178.0/24 (.1 <-> .252)
OPNSense -- L3 Switch 10.34.10.0/24
L3 Switch - 10.34.0.0/16 (several VLANs).

I've added FW rules to allow 10.34.0.0/16 (added routing and gateway too) to any, but traffic gets blocked by the "Default Rule". I've made it more specific by adding /24 subnet rules, but traffic stays blocked. I've searched through OPNSense and PFSense posts, but I cannot get a right answer why something pretty obvious gets blocked. Am I missing NAT rules (it's double NAT, yeah not perfect, but it works)? I've disabled blocking of RFC1918 and bogon networks.

At the moment I use an ASA 5505 and that works but as soon as I switch the default route to the OPNSense FW (on the L3 switch) the logs fill up with block spam.

I must be overlooking something but I do not see it at the moment.

With kind regards,

Marcel Tempelman.


Are you allowing RFC 1918 on your WAN interface? Interfaces, WAN, make sure 'Block private networks' is unticked.

Bart...

April 22, 2019, 09:26:53 PM #2 Last Edit: April 23, 2019, 01:03:55 AM by Maurice
If you want OPNsense to perform NAT for subnets other than those of its LAN interfaces, you need to add manual outbound NAT rules.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
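To make the distinction Maurice describes concrete, here are the equivalent pf rules as an added illustration (not from the thread or from OPNsense's own config). The WAN interface name igb0 is assumed; the subnets are the ones from the original post.

```pf
# Automatic outbound NAT only generates rules for networks directly
# attached to OPNsense interfaces. With the LAN transit being
# 10.34.10.0/24, the only generated rule for the WAN looks like this:
nat on igb0 inet from 10.34.10.0/24 to any -> (igb0:0) port 1024:65535

# Packets from the other VLANs behind the L3 switch (10.34.20.0/24, ...)
# match no NAT rule and leave the WAN with their original 10.34.x.x
# source address, which the ISP modem cannot route back to, so the
# replies never return and the sessions never complete.

# Switching outbound NAT to Hybrid or Manual and adding one rule for the
# routed supernet translates all of the L3 switch's VLANs:
nat on igb0 inet from 10.34.0.0/16 to any -> (igb0:0) port 1024:65535
```

In the OPNsense GUI this is Firewall > NAT > Outbound with the mode set to Hybrid or Manual; the rule's source network is 10.34.0.0/16 and the translation address is the WAN interface address.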

Thx Maurice! That was what fixed it. I was still using the automatic setting. Just added a NAT rule for my 10.34.0.0/16 subnet and it worked!

With kind regards,

Marcel Tempelman