Locked after connecting the PC to another LAN

Started by StuardBr, April 04, 2024, 04:48:33 AM

April 04, 2024, 04:48:33 AM Last Edit: April 04, 2024, 05:10:50 AM by StuardBr
Hello everyone!!

I'm new to OPNsense. I'm starting a project about firewall + self-hosted apps/NAS and started with the firewall.

I have a generic Chinese mini PC with an Intel N5105, 4 Intel I255 NICs and 16 GB DDR4 with OPNsense 24.1 installed.
After the install, I configured WAN (PPPoE) and 3 LANs: one with DHCP enabled and the other 2 with static IPs. On the first connection, I can connect my PC to any of the LANs and the access is OK. I have no custom rules configured; I just cloned the default permissive rule from LAN to the other LANs.
The problem starts when I disconnect from the first LAN I connected to and try to connect to any other LAN.
Let's assume that LAN1 has a static IP. I configured the IP in Windows and connected. All green. Internet access OK, firewall access OK. But if I disconnect from LAN1 and connect to LAN2, with DHCP, my PC receives the IP as desired but there is no traffic after that. No internet, no web GUI from the firewall, no ICMP, nothing! If I try LAN3, I get the same behavior. After that, I try to go back to LAN1 and, surprise, it is locked too.
If I try a ping or an nslookup, I don't receive anything on the PC, but in the firewall logs in the console it is possible to see the traffic in and out, yet nothing happens.
The only way to "restore" my access is to do a factory reset and start again. After that, once I configure the interfaces again, the access comes back.
I tried a "pfctl -d" in the shell but nothing changed. I really don't know what is going on. Maybe a driver issue with the Intel NICs? Hardware problem? Spirit infestation?

Thanks for your attention

Probably best to start reading the official documentation, or various Internet tutorials before going any further.

OPNsense is 'deny by default', so unless you explicitly set allow rules for your newly created LAN2/LAN3 interfaces, nothing will get out.

April 04, 2024, 05:19:45 AM #2 Last Edit: April 04, 2024, 05:23:20 AM by StuardBr
Quote from: h3zwe on April 04, 2024, 05:13:17 AM
Probably best to start reading the official documentation, or various Internet tutorials before going any further.

OPNsense is 'deny by default', so unless you explicitly set allow rules for your newly created LAN2/LAN3 interfaces, nothing will get out.

Hi, thanks for the reply. As said in the post, the default permissive rule from LAN1 was cloned to the other LANs, and as also said, the first LAN connected always works after the rule is cloned, no matter which LAN it is (LAN1, LAN2 or LAN3). In the end, if it were a problem with the rules, then after connecting back to the first LAN, assuming that this LAN has the correct rule because it was the first one configured and has the "anti lock" rule by default, the traffic and firewall access should start again, but nothing happens.

Are you sure the different LANs are set up correctly with regard to IP addresses? You say only one of the three is set up to use DHCP. I would suggest that you turn DHCP "on" on all three LAN segments. I suspect there is an issue either in your network segmentation address scheme (your LANs are overlapping addresses, for example), or with the IP address assigned (or not assigned) to the NIC of the computer you are trying to connect. Turning on DHCP will correct both issues.

You need to simplify things to ensure they work correctly. If you later want to "complicate" things by turning off DHCP on some of the network segments, at least you know why it stops functioning.
Just a hobbyist trying to figure all this out.

You did not tell us anything about the IP ranges. If you configure everything with DHCP and you use disjoint ranges, everything would probably work just fine, but I have a hunch that you are trying to use the LAN ports as a switch. If I am correct, read the documentation on how to create a LAN bridge.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
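
The two address checks raised in the replies above (LAN ranges that overlap instead of being disjoint, and a PC whose static IP or gateway does not match the segment it is plugged into), written out as an added example that is not part of the thread. Every address and the `SEGMENTS` layout are constructed assumptions, since the thread never states the ranges.

```python
import ipaddress
from itertools import combinations

# Constructed sample: interface -> (firewall address/prefix, DHCP pool or None).
# Assumed values for illustration only; the thread does not give the real ones.
SEGMENTS = {
    "LAN1": ("192.168.1.1/24", None),
    "LAN2": ("192.168.2.1/24", ("192.168.2.100", "192.168.2.200")),
    "LAN3": ("192.168.2.129/25", None),  # deliberately overlaps LAN2
}

def audit_segments(segments):
    """Return findings for overlapping subnets and DHCP pools outside their subnet."""
    findings = []
    nets = {name: ipaddress.ip_interface(addr).network
            for name, (addr, _) in segments.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    for name, (_, pool) in segments.items():
        if pool is None:
            continue
        lo, hi = (ipaddress.ip_address(p) for p in pool)
        if lo > hi or lo not in nets[name] or hi not in nets[name]:
            findings.append(f"{name} DHCP pool {lo}-{hi} is not inside {nets[name]}")
    return findings

def check_client(segments, plugged_into, client_ip, client_gateway):
    """Check a statically configured PC against the segment it is cabled to."""
    iface = ipaddress.ip_interface(segments[plugged_into][0])
    net = iface.network
    ip = ipaddress.ip_address(client_ip)
    problems = []
    if ip not in net:
        problems.append(f"{ip} is outside {plugged_into} network {net}")
    elif ip in (net.network_address, net.broadcast_address, iface.ip):
        problems.append(f"{ip} is reserved or is the firewall's own address")
    if ipaddress.ip_address(client_gateway) != iface.ip:
        problems.append(f"gateway {client_gateway} is not {plugged_into} address {iface.ip}")
    return problems

if __name__ == "__main__":
    for line in audit_segments(SEGMENTS):
        print("segment:", line)
    # PC still carrying its LAN1 static settings while cabled to LAN2
    for line in check_client(SEGMENTS, "LAN2", "192.168.1.50", "192.168.1.1"):
        print("client:", line)
```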