Problems with new setup alongside L3 Switch

Started by tk4two1, April 02, 2021, 06:23:26 AM

I have a new OPNsense setup I am trying to get to work.

I have my interfaces setup as follows:
WAN - igb0 - DHCP
LAN - igb3 - 172.16.1.2/29

Attached to the LAN port is my L3 switch with the following config:

ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip routing
vlan 2
  name "Router VLAN 2"
  ip address 172.16.1.1/29
  exit
vlan 8
  name "WiFi VLAN 8"
  ip address 172.16.8.1/24
  exit


From the default setup, I have:

  • disabled DHCP since it will be provided by my L3 switch.
  • added a gateway on the LAN interface for the L3 switch (172.16.1.1)
  • setup a route for the 172.16.8.0/24 network to the gateway created above
  • created a firewall LAN rule to allow everything from 172.16.8.0/24 (clone of "Default allow LAN to any rule", changing only source network.)
  • disabled blocking of private and bogon networks on LAN interface

I have a Pi on vlan 2 with the address of 172.16.1.3, it can reach the internet and also ping my other pi on vlan 8.
The other pi on vlan 8 has an address of 172.16.8.10, it cannot ping opnsense, the other pi, or an external DNS server(1.1.1.1), but it can connect to the web gui.

Looking at the firewall log on the console, I can see DNS requests going out from the pi in vlan 8, but they never seem to return.

I'm guessing this is a routing issue rather than rules, but I really don't know where else to look.

What am I missing?
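The post describes two routing tables (OPNsense and the L3 switch) and a firewall rule, and the poster suspects routing. The following is an added example, not the poster's configuration or anything from OPNsense itself: it models only what the post states as longest-prefix-match tables and traces the forward path (VLAN 8 Pi to 1.1.1.1) and the return path (OPNsense back to 172.16.8.10), checking at each hop that the chosen gateway is actually on-link. The WAN prefix 203.0.113.0/24 and gateway 203.0.113.1 are placeholders standing in for whatever DHCP hands igb0 (assumed, since the post does not say). It also shows why the cloned LAN rule was needed: the stock "LAN net" source only covers 172.16.1.0/29.

```python
"""Model of the routing in the post: OPNsense and an L3 switch, each with a
longest-prefix-match table, plus a two-direction path trace.  Constructed
example; the WAN prefix/gateway (203.0.113.x) is an assumed placeholder."""
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: IPv4Network
    gateway: Optional[IPv4Address]  # None means directly connected
    iface: str


def lookup(table: List[Route], dst) -> Optional[Route]:
    """Longest-prefix match; returns None when no route covers dst."""
    dst = ip_address(dst)
    matches = [r for r in table if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def gateway_on_link(table: List[Route], route: Route) -> bool:
    """A gateway is only usable if a connected prefix on the same interface contains it."""
    if route.gateway is None:
        return True
    return any(r.gateway is None and r.iface == route.iface and route.gateway in r.prefix
               for r in table)


def unusable_routes(table: List[Route]) -> List[Route]:
    """Routes whose gateway is not reachable on-link (a classic 'static route silently ignored')."""
    return [r for r in table if not gateway_on_link(table, r)]


# OPNsense table as described in the post (WAN details assumed)
OPNSENSE = [
    Route(ip_network("0.0.0.0/0"), ip_address("203.0.113.1"), "igb0"),     # WAN default (placeholder)
    Route(ip_network("203.0.113.0/24"), None, "igb0"),                      # WAN connected (placeholder)
    Route(ip_network("172.16.1.0/29"), None, "igb3"),                       # LAN connected
    Route(ip_network("172.16.8.0/24"), ip_address("172.16.1.1"), "igb3"),   # static route to switch
]
# L3 switch table from the posted config
SWITCH = [
    Route(ip_network("0.0.0.0/0"), ip_address("172.16.1.2"), "vlan2"),
    Route(ip_network("172.16.1.0/29"), None, "vlan2"),
    Route(ip_network("172.16.8.0/24"), None, "vlan8"),
]
ROUTERS = {"opnsense": OPNSENSE, "switch": SWITCH}
# which modelled router owns a given next-hop address
OWNER = {ip_address("172.16.1.1"): "switch", ip_address("172.16.1.2"): "opnsense"}


def trace(start: str, dst, max_hops: int = 5) -> List[Tuple[Optional[str], Optional[str], str]]:
    """Hop-by-hop decisions as (router, matched prefix, action) until the packet is
    delivered, dropped, or handed to a next hop outside the model."""
    path = []
    router = start
    for _ in range(max_hops):
        r = lookup(ROUTERS[router], dst)
        if r is None:
            path.append((router, None, "no route"))
            return path
        if not gateway_on_link(ROUTERS[router], r):
            path.append((router, str(r.prefix), f"gateway {r.gateway} not on-link"))
            return path
        if r.gateway is None:
            path.append((router, str(r.prefix), f"delivered on {r.iface}"))
            return path
        path.append((router, str(r.prefix), f"via {r.gateway} on {r.iface}"))
        nxt = OWNER.get(r.gateway)
        if nxt is None:
            path.append((None, None, f"leaves model via {r.gateway}"))
            return path
        router = nxt
    path.append((None, None, "hop limit reached"))
    return path


# Firewall rule sources on the LAN interface: stock "LAN net" plus the poster's clone
LAN_RULE_SOURCES = {"LAN net": ip_network("172.16.1.0/29"),
                    "cloned rule": ip_network("172.16.8.0/24")}


def matching_lan_rules(src) -> List[str]:
    """Names of LAN pass rules whose source network contains src."""
    src = ip_address(src)
    return [name for name, net in LAN_RULE_SOURCES.items() if src in net]


if __name__ == "__main__":
    for hop in trace("switch", "1.1.1.1"):
        print("forward:", hop)
    for hop in trace("opnsense", "172.16.8.10"):
        print("return :", hop)
    print("rules matching 172.16.8.10:", matching_lan_rules("172.16.8.10"))
```

Run as-is it reports a clean forward path (switch default to 172.16.1.2, OPNsense default out igb0) and a clean return path (OPNsense static route to 172.16.1.1, switch delivers on vlan8), with no route in either table pointing at an off-link gateway. That means the tables as posted are self-consistent; the asymmetric piece is that the VLAN 8 Pi only ever reaches OPNsense through the switch, so the next things to compare against the model are what the firewall and outbound NAT do with a packet that arrives on igb3 with a source address outside 172.16.1.0/29.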