New Interface / LAN unable to reach internet

Started by kitaro1999, April 01, 2025, 10:40:39 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 01, 2025, 10:40:39 PM Last Edit: April 01, 2025, 10:54:46 PM by kitaro1999 Reason: clarified language
I am currently using version 25.1.3 and have added a new Ethernet interface for a second LAN (L2).

While the new interface is configured and enabled, devices on L2 CANNOT access the internet.  However, they CAN communicate with devices on the first LAN (L1). It appears that I need to add a specific firewall rule to resolve this issue.

Here are additional images of the settings:  https://imgur.com/a/qDgix5G
NAT rules: https://imgur.com/a/Ah81Yfn
April 01, 2025, 11:05:32 PM #1
Check the outbound NAT. If it's in automatic or hybrid mode OPNsense should have a rule to the new subnet.
If the rule is missing you need to add it manually and select the hybrid mode to enable it.
April 02, 2025, 12:30:55 AM #2
Thanks so much. Here is the screenshot of the NAT outbound rules. Looks like both interfaces have that rule enabled.


I am stumped for sure!
April 02, 2025, 12:31:54 AM #3
One difference between both interfaces is that the non-working one has no IPv6 configuration.
I'm not sure how that interacts with the 2 gateways we see in the FW rules.
April 02, 2025, 12:38:13 AM #4
Some useful information here for IPv6: https://forum.opnsense.org/index.php?topic=45822.0
April 02, 2025, 12:54:44 AM #5
Thanks fro the guide EricPerl 

I am also not sure if absence of IPv6 affects or should affect the firewall in any way.

April 02, 2025, 03:27:26 AM #6
For all we know, you are getting internet connectivity via IPv6 on LAN.
You could look at your existing traffic to confirm... It's not that hard using the FW live view (in on LAN, out on WAN, same destination).

Or you could turn off IPv6 on LAN so that the configurations are more similar.
April 02, 2025, 08:20:25 AM #7
I see 2 differences:

  • for LAN1 there are two 'allow all' rule, one for IPv4 and one for IPv6. But that should not matter at all
  • the device for LAN2 is 'ue0', that's an USB eithernet NIC? They are known to be unreliable. But still if you access LAN1 it does seem to work

Can you ping 1.1.1.1 from a LAN2 client? Maybe it's just DNS that is not working for LAN2? If your using Unbound on OPNsense, is it set to listen to all interfaces?
Deciso DEC740
Print
Go Up Pages1
User actions