Firewall Rule Processing Order + NAT + tags

Started by ruffy91, February 27, 2019, 02:32:19 PM

Hi,

I'm trying to use tags in rules but I think I am missing some knowledge.
What I try to achieve:
All packets exiting through the wan interface should be allowed when they are coming from a specific network.
How I try to achieve this:
I tag packets on the manual outbound masquerading NAT rule.
I then match this tag on a floating rule on the WAN interface for outbound packets.

Example:
Outbound NAT on WAN for source 192.168.1.0/24, target any, translate source to WAN IP, add tag "internet"
Floating Rule pass on WAN for source any, target any, direction out, match tag "internet"

Processing order afaik is:

  • Outbound NAT rules: tag "internet"
  • Inbound NAT rules such as Port Forwards
  • Internal automatic rules (pass and block for various items)
  • Rules defined on the floating tab: match "internet" and pass
  • Rules defined on interface group tabs (including IPsec and OpenVPN)
  • Rules defined on interface tabs (WAN, LAN, OPTx, etc.)
  • Automatic VPN rules

But the packets coming from 192.168.1.0/24 going to WAN are still dropped by the default drop rule on interface LAN. The floating rule is "quick".

Does anyone have an idea what I am doing wrong?
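The processing order listed above is applied per interface and per direction: pf filters a forwarded packet once inbound on the interface it arrives on (LAN) and again outbound on the interface it leaves (WAN), and on each of those hops the NAT rules bound to that interface run before its filter rules. The following toy model, added here as an illustration and not OPNsense or pf code, walks a constructed packet through those two hops with the ruleset described in the post (outbound NAT on WAN tagging "internet", a quick floating pass rule on WAN/out matching that tag, nothing on LAN) and then with an extra LAN/in pass rule. The addresses, rule objects and function names are made up for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed illustration, not OPNsense/pf source: a toy model of how pf
# evaluates a forwarded packet on every interface and direction it crosses.


@dataclass
class Packet:
    src: str
    dst: str
    tags: Set[str] = field(default_factory=set)   # tags written by NAT rules


@dataclass
class NatRule:
    iface: str       # interface the NAT rule is bound to, e.g. "wan"
    direction: str   # "out" for outbound (masquerading) NAT
    src_net: str     # source network to match, or "any"
    tag: str         # tag added to the packet when the rule matches


@dataclass
class FilterRule:
    iface: str                    # "any" for a floating rule on all interfaces
    direction: str                # "in", "out" or "any"
    action: str                   # "pass" or "block"
    quick: bool = False
    src_net: str = "any"
    match_tag: Optional[str] = None


def in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate_hop(packet: Packet, iface: str, direction: str,
                 nat_rules: List[NatRule], filter_rules: List[FilterRule]) -> str:
    """Decide pass/block for one interface+direction; NAT rules run first."""
    for n in nat_rules:
        if n.iface == iface and n.direction == direction and in_net(packet.src, n.src_net):
            packet.tags.add(n.tag)
    decision = "block"  # default deny when no filter rule matches
    for r in filter_rules:
        if r.iface not in ("any", iface) or r.direction not in ("any", direction):
            continue
        if not in_net(packet.src, r.src_net):
            continue
        if r.match_tag is not None and r.match_tag not in packet.tags:
            continue
        decision = r.action
        if r.quick:          # "quick" ends evaluation; otherwise the last match wins
            break
    return decision


def forward(packet: Packet, hops: List[Tuple[str, str]],
            nat_rules: List[NatRule], filter_rules: List[FilterRule]) -> List[Tuple[str, str, str]]:
    """Walk the packet through each (iface, direction) hop until it is blocked."""
    trace = []
    for iface, direction in hops:
        d = evaluate_hop(packet, iface, direction, nat_rules, filter_rules)
        trace.append((iface, direction, d))
        if d == "block":
            break
    return trace


# Ruleset as described in the post: WAN outbound NAT tags "internet", a quick
# floating rule on WAN/out passes that tag, and the LAN tab has no rules.
NAT = [NatRule("wan", "out", "192.168.1.0/24", "internet")]
FLOATING = [FilterRule("wan", "out", "pass", quick=True, match_tag="internet")]
HOPS = [("lan", "in"), ("wan", "out")]   # a LAN host sending toward the Internet


def run_as_posted() -> List[Tuple[str, str, str]]:
    pkt = Packet("192.168.1.10", "203.0.113.5")  # constructed sample addresses
    return forward(pkt, HOPS, NAT, FLOATING)


def run_with_lan_pass() -> List[Tuple[str, str, str]]:
    # Same ruleset plus an interface rule on LAN/in for the source network.
    rules = FLOATING + [FilterRule("lan", "in", "pass", src_net="192.168.1.0/24")]
    pkt = Packet("192.168.1.10", "203.0.113.5")
    return forward(pkt, HOPS, NAT, rules)


if __name__ == "__main__":
    print(run_as_posted())       # [('lan', 'in', 'block')]
    print(run_with_lan_pass())   # [('lan', 'in', 'pass'), ('wan', 'out', 'pass')]
```

In the model the tag only exists once the WAN outbound NAT rule has run, which is on the second hop; the LAN inbound decision has already been taken by then, so a floating rule on WAN/out cannot influence it, and the packet reaches the WAN hop (where the tag match passes it) only when something on LAN/in has passed it first.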

It surely looks like you would need a VPN site-to-site there, and as far as rules are concerned, clearly you don't have the default, so it might be best to post a screenshot?