two firewalls - ext. and int. the dig is working "internally" but no web- access

Started by rickeyw, April 21, 2020, 02:38:08 AM

Hello Everyone,
I hope all is doing well!

Please, see the attached image for a small infrastructure with two firewalls.
There is an "external" firewall - fw1, and "internal" one - fw2.

On fw1, the e1 interface is configured as opt1, and e0 as wan. There is also a lan interface on fw1 (lan1), but for simplicity it is not shown on the diagram.
The wan1 IP address on fw1's e0 is not the real one; it just implies that it is connected to the public net.
A range of 192.0.2.0/30 is used between fw1 and fw2.
On fw1's e1 interface, icmp, dns (tcp and udp), http, and https rules are configured, and a static route to 192.168.1.0/24 through 192.0.2.2 is configured too.

On fw2, the e0 interface is configured as wan, and e1 is configured as lan.
On fw2/e0, a static route to 1.1.1.0/24 through 192.168.1.1 is configured too.

From "Interfaces" - "Diagnostics" - "Ping" on fw2's wan (e0), I am able to ping google.com (the reply is OK from 8.8.8.8).
From "Interfaces" - "Diagnostics" - "Ping" on fw2's lan (e1), I am able to ping google.com and 8.8.8.8 (the reply is OK from 127.0.0.1).

From pc1, when I try to ping google.com or 8.8.8.8, there is no reply (very strange, because dig google.com from the same pc1 works perfectly!) - could you give me a hand with this, please? The OS is Pop!_OS, and ufw is stopped and disabled. No firewalld or iptables is present, and I just asked the Pop!_OS community and they confirmed that nothing else should block the ping by default. There are no proxies enabled on either firewall or on pc1 ...
I have an additional question about the static route on fw2 - will 0.0.0.0/0 as the destination network, instead of 1.1.1.0/24, work?

Thanks, and Regards,

rick
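To make the static-route question concrete, here is an added example (not from the post or from any firewall's code) that models the two static routes the post describes with a longest-prefix-match lookup; the two default routes are assumptions, since the post does not list them. It shows that a 0.0.0.0/0 destination matches every address not covered by a more specific route, i.e. it behaves as a default route rather than a route to one network.

```python
import ipaddress

# Constructed model of the routing tables. Only the two static routes come
# from the post; the "0.0.0.0/0" entries are assumed default routes.
FW1_ROUTES = {
    "192.168.1.0/24": "192.0.2.2",   # static route on fw1 (from the post)
    "0.0.0.0/0": "wan1-gateway",     # assumption: fw1's default toward the public net
}
FW2_ROUTES = {
    "1.1.1.0/24": "192.168.1.1",     # static route on fw2 (from the post)
    "0.0.0.0/0": "192.0.2.1",        # assumption: fw2's default is fw1's side of the /30
}


def next_hop(routes, dst):
    """Return the next hop for dst by longest-prefix match, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def widen_to_default(routes, prefix):
    """Model the post's question: keep the route's next hop but make its
    destination 0.0.0.0/0. Because a table can hold only one 0.0.0.0/0 entry,
    this replaces the existing default route with the widened one."""
    widened = {p: h for p, h in routes.items() if p not in (prefix, "0.0.0.0/0")}
    widened["0.0.0.0/0"] = routes[prefix]
    return widened


if __name__ == "__main__":
    for dst in ("1.1.1.1", "8.8.8.8", "192.168.1.50"):
        print(f"fw2 -> {dst}: via {next_hop(FW2_ROUTES, dst)}")
    fw2_widened = widen_to_default(FW2_ROUTES, "1.1.1.0/24")
    print(f"fw2 (0.0.0.0/0 instead of 1.1.1.0/24) -> 8.8.8.8: via "
          f"{next_hop(fw2_widened, '8.8.8.8')}")
```

With the route as posted, only 1.1.1.0/24 goes to 192.168.1.1 and everything else follows fw2's default; with 0.0.0.0/0 as the destination, every address without a more specific route, 8.8.8.8 included, goes to 192.168.1.1 instead.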