No Ping but can Internet

Started by sprout, July 05, 2023, 06:39:03 PM

OK, the title is a play on another thread but the question is real. I have:

localnet1 <-> opnsense <-> localnet2 <-> ISP NAT Router <-> Internet

(localnetX are non routable 192.168.x.0)

I don't want NAT on the opnsense / localnet2 interface because I want to port forward from the ISP Router to localnet1, so I have a static ip on opnsense and a network route on the ISP Router back to localnet1 with gateway opnsense.

So far so good, I can access the ISP Router UI from localnet1 and pings etc all work.

Next I need to define the ISP Router as the default gw for opnsense / localnet1 so I created a new single gateway and set it to the opnsense / localnet2 interface. Now I can access the internet through ISP Router from localnet1, if I check whatsmyip I can see the ISP Router WAN address so it seems to be working correctly.

However I can no longer access the ISP Router UI from localnet1, I can't even ping / port probe it from the interface diagnostics page. The strange thing is that I can ICMP traceroute to the internet successfully and the first hop is the ISP Router...

The only thing that's changed is making the opnsense / localnet2 interface a gateway, but I assumed (probably incorrectly) that all that did was add a default route (which seemed to be the case from a cursory inspection of the routing table). I've no idea why this would break access to the ISP Router.

The only parameter in the Gateway that I set without understanding was the 'IP address' that has no help, but seems to populate the 'Gateway' column on the Gateway list page. I STR it didn't work without. The interface itself has 'IPv4 Upstream Gateway' set to autodetect, but there are only two interfaces on localnet2 and it didn't work when I set it manually (before creating the Gateway). I have outbound NAT set to manual and no NAT rules for this gateway. I also have a rule permitting localnet1 to localnet2, before the localnet1 to 'any' rule that defines the default gateway.

Does being a Gateway have any other effect on an interface that I'm not aware of? Or am I misunderstanding what I'm doing?

Thanks for any ideas, I've been poking it for so long I think I'm back where I started, no further forward.

I think some further context is required here. Presumably your ISP router is... routing, NATing and has a firewall. If you don't want to use the OPNsense box for any of that, what's its purpose?
OPNsense 25.1.9 running on:
Dell Optiplex 3050
Intel I5-7600 @ 3.5GHz (4 Cores)
Intel I350-T4 NIC
8G DDR4
256G SSD

It's a new (to me) service, with a pretty basic included router that I plan to replace with a media converter (fibre-ethernet - fibre is plugged directly into the router). The ISP doesn't support anything other than their router though, so if I lose service I'll have to reconnect their router before calling support.

It would be useful to be able to see the router admin page when I do this, which is why I'm trying to solve it, there's a wifi interface to it though, so it's not insurmountable. I was mostly just curious why it wasn't working, I couldn't see any obvious network reason for it so I figured it must be something I don't understand about opnsense.

Patching to latest stable (was already pretty close so only a minor upgrade) and a reboot has resolved it, can now see the internet + the router UI, so it's working like I expected it to.

What model ISP router is it? A lot of them have a bridge mode that turns them into a basic modem and pass through. This usually also disables the wifi, etc.