Opt1 no internet

Started by peterwkc, December 18, 2024, 09:46:23 AM

Dear all, I had configured OPNsense in a new setup, but my OPT1 cannot access the internet. Probably an Unbound DNS config error. I had configured the LAN and OPT1 interfaces so they can use Unbound, but I don't know why it cannot access the internet.
Please help troubleshoot.

Please show the interface configuration, the DHCP settings, and the firewall rule(s) you configured for OPT1.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 18, 2024, 09:50:23 AM
Please show the interface configuration, the DHCP settings, and the firewall rule(s) you configured for OPT1.

Interface Configuration:
Lan 192.168.1.1/24
OPT1: 192.168.2.1/24

DHCP:
LAN 192.168.1.100 -192.168.1.105
OPT1 192.168.2.100 - 192.168.2.105

Firewall Rules:
LAN = No custom rules all default generated rules
OPT1 = IPv4+6 *    *    *    LAN net    *    *    *       OPT_Block

Please show a screen shot of that OPT1 rule - it is not at all clear what is configured from that bit of text.


Another screenshot of unbound DNS.

The firewall rule, not the interface configuration. Firewall > Rules > OPT1 ...

Quote from: peterwkc on December 18, 2024, 12:35:31 PM
Quote from: Patrick M. Hausen on December 18, 2024, 09:50:23 AM
Please show the interface configuration, the DHCP settings, and the firewall rule(s) you configured for OPT1.
Firewall Rules:
LAN = No custom rules all default generated rules
OPT1 = IPv4+6 *    *    *    LAN net    *    *    *       OPT_Block

It's not clear what that one OPT1 rule is supposed to be doing but you certainly don't seem to have any rules that allow internet access. If your goal is to allow OPT1 internet access but no access to the LAN, create a rule that allows all traffic to the inverse (check Destination/invert box) of LAN net.

Here is the screenshot of Firewall Rule for OPT1:


That rule says Drop traffic to LAN, then the next rule is implicit and drops all traffic.

You don't have any allow rules for the traffic to get out of that OPT1 space.

Quote from: peterwkc on December 20, 2024, 03:02:33 AM
Here is the screenshot of Firewall Rule for OPT1:
As was already mentioned, that rule doesn't accomplish anything. After creating an interface, all traffic is denied by default until allow rules are created. To accomplish your intended goal, edit that rule to be an allow rule and check the inverse box for the destination. That will allow traffic to any destination that is not your LAN net; i.e. the internet.


How do I add a rule to block OPT1 net to LAN net?

Do I create a rule on the LAN interface?

Create a block rule on OPT1.

Source: OPT1 net
Destination: LAN net
Action: block

Place that above the allow rule you already have.

Problem solved. Thanks everyone.
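
As an added illustration (not posted by anyone in this thread), here is a small Python model of the rule evaluation discussed above. It assumes first-match ("quick") evaluation on the OPT1 interface with an implicit default deny; the rule helper names and the sample destination addresses are constructed for the example.

```python
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # LAN subnet from the thread

def rule(action, dst_net=None, invert=False):
    """One OPT1 interface rule: action, destination net (None = any), invert flag."""
    return {"action": action, "dst": dst_net, "invert": invert}

def matches(r, dst):
    """True if the destination address matches the rule's destination field."""
    if r["dst"] is None:                 # destination "any"
        return True
    inside = ipaddress.ip_address(dst) in r["dst"]
    return inside != r["invert"]         # the invert box flips the match

def evaluate(rules, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if matches(r, dst):
            return r["action"]
    return "block (implicit default deny)"

# Rule sets as described in the thread, plus the ordering mistake to avoid.
RULESETS = {
    "original: only block to LAN": [rule("block", LAN_NET)],
    "pass to !LAN net": [rule("pass", LAN_NET, invert=True)],
    "block LAN, then pass any": [rule("block", LAN_NET), rule("pass")],
    "wrong order: pass any, then block LAN": [rule("pass"), rule("block", LAN_NET)],
}

# Constructed sample destinations as seen from a client on OPT1.
DESTS = {
    "LAN host": "192.168.1.10",
    "firewall OPT1 address (DNS)": "192.168.2.1",
    "internet host": "203.0.113.10",
}

def verdicts(name):
    """Verdict per sample destination for the named rule set."""
    return {label: evaluate(RULESETS[name], ip) for label, ip in DESTS.items()}

if __name__ == "__main__":
    for name in RULESETS:
        print(name)
        for label, verdict in verdicts(name).items():
            print(f"  {label:30} -> {verdict}")
```

The last rule set shows why the block rule has to sit above the allow rule: with the order reversed, the pass rule matches LAN destinations first and the block rule is never reached.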