[SOLVED] Static routing problem

Started by didibo, October 31, 2018, 06:55:35 PM

October 31, 2018, 06:55:35 PM Last Edit: November 02, 2018, 07:22:58 PM by franco
I have Opnsense set up with a LAN interface (192.168.1.0/24) and a WAN Internet interface - standard NAT setup etc.

I added another new router to my LAN (192.168.30.0/24) that default gateways to Opnsense. On Opnsense I've added a new gateway for the new router, and added a static route to 192.168.30.0/24 - plus did the NAT rules etc. Outcome: hosts on 192.168.30.0/24 can access the Internet on the WAN, plus I can access the Opnsense web portal on 192.168.1.0/24.

However, hosts on 192.168.30.0/24 cannot access hosts on the 192.168.1.0/24 network. In a network trace on a .30 host, I can see packets coming in - but no packets going out (TCP connection won't establish). If I look on Opnsense, I can see in the Live Firewall logs that Opnsense is blocking the return traffic by the 'default deny rule':

   lan      Oct 31 17:50:53   192.168.1.198:22   192.168.30.12:52372   tcp   Default deny rule

The .30 host default gateway points to Opnsense. If I add a static route to the .30 host (e.g. route add -net 192.168.30.0/24 gw 192.168.1.250) then magically it all works, and Opnsense doesn't block at the firewall level. I've tried adding in firewall rules to allow all the traffic on the LAN interface but nothing works.

My question: how do I get this to work? Why does adding a manual static route to a host magically let the traffic through the firewall?

Never mind - I found the solution.

I needed to set "Bypass firewall rules for traffic on the same interface" under Firewall -> Settings -> Advanced
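As an added diagnostic example (not from the original post and not OPNsense code), this script parses live-log lines in the format quoted above and flags "deny" entries where source and destination both sit behind the same interface, the symptom the post describes. The interface-to-subnet map and the sample log lines are constructed for this example.

```python
import ipaddress
import re

# Hypothetical map of firewall interface -> networks reachable through it
# (directly connected or via static route). Mirrors the post's setup: both
# 192.168.1.0/24 and the routed 192.168.30.0/24 sit behind "lan".
IFACE_NETWORKS = {
    "lan": ["192.168.1.0/24", "192.168.30.0/24"],
}

# Matches: <iface> <Mon DD HH:MM:SS> <src>:<sport> <dst>:<dport> <proto> <rule>
LOG_RE = re.compile(
    r"^\s*(?P<iface>\S+)\s+(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<rule>.+?)\s*$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"] = int(entry["sport"])
    entry["dport"] = int(entry["dport"])
    return entry

def interface_for(ip, table=IFACE_NETWORKS):
    """Longest-prefix lookup of the interface an address lives behind."""
    addr = ipaddress.ip_address(ip)
    best = None
    for iface, nets in table.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (iface, net)
    return best[0] if best else None

def same_interface_denies(lines, table=IFACE_NETWORKS):
    """Return denied entries whose src and dst are both behind the logging
    interface: traffic hairpinning through one interface, as in the post."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None or "deny" not in e["rule"].lower():
            continue
        src_if, dst_if = interface_for(e["src"], table), interface_for(e["dst"], table)
        if src_if is not None and src_if == e["iface"] == dst_if:
            hits.append(e)
    return hits

# Constructed sample: the post's line plus an unrelated WAN deny for contrast.
SAMPLE = [
    "   lan      Oct 31 17:50:53   192.168.1.198:22   192.168.30.12:52372   tcp   Default deny rule",
    "   wan      Oct 31 17:51:02   203.0.113.5:44321   198.51.100.7:443   tcp   Default deny rule",
]
```

Only the LAN line is reported, which points at the same-interface bypass setting rather than at a missing LAN allow rule.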