no route to internet from downstream gateway

[cambrbr]

I have a few VLANs in my homelab that need to be able to reach the internet (diagram is in the attachment)

My test "server" VLAN is sitting behind a router that is NOT my opnsense box. I created a transit vlan between that router and my opnsense firewall. I put in the correct route back to the 192.168.130.0 network through the 172.16.0.2 gateway in the transit network (otherwise no ping reply) and I have opened up the firewall to allow this traffic to go anywhere when originating from the transit network.

When I put a network client into my 192.168.130.0 subnet, I can ping the default gateway in that subnet (192.168.130.1), and I can ping the firewall interface of the transit subnet I created (172.16.0.1).

However, a host in 192.168.130.0/25 cannot reach (not even ping) the internet. The firewall log shows traffic is allowed to pass, but I don't get a ping reply.

Any other network I created that is "'directly" attached to the OPnsense FW works flawlessy (e.g. the services network).

Am I missing a route or default gateway somewhere ? Is it because the 192.168.130.0 network is not "known" to OPnsense ?

(PS: I'm not a routing specialist, I'm a hobbyist so do bear with me when I ask something stupid).

[Seimus]

Do you have NAT created for that network in order to reach Public destined adresses?

Regards,
S.

[cambrbr]

NAT is set to "Automatic outbound NAT rule generation".
Perhaps a manual NAT rule needs to be created ?

[Patrick M. Hausen]

Yes. Automatic takes care of directly connected interfaces only.

[cambrbr]

Thanks to the both of you. I switched to hybrid mode for NAT and added a manual rule for the 192.168.130.0 network.

Works now :-)

[Seimus]

Great,

please adjust your topic subject with [SOLVED] front of it ;)

Regards,
S.