Help! Cannot get out WAN interface from DMZ for some services (and reverse)

Started by Tugdualenligne, April 02, 2020, 10:14:24 PM

Hi there, hope you're OK in this difficult Covid-19 environment.

I installed OPNsense running on Proxmox on a dedicated machine with 4 NICs.

My home network is as follows (^v represents links):

ISP Fiber ONT (public IP)
^v
ISP Router/Wifi 192.168.0.254 (the ISP router is also a Wifi AP)
        ^v LAN1 Wifi 192.168.0.0/24
        ^v WAN OPNsense NIC1 192.168.0.31 (access authorized from private networks)
                  ^v LAN2 OPNsense NIC2 192.168.3.0/24
                            ^v Laptops and other mobile devices
                  ^v DMZ OPNsense NIC3 192.168.2.0/24
                            ^v VM1 Plex 192.168.2.18
                            ^v VM2 Duplicati 192.168.2.16
                            ^v VM3 ...

The situation:
- LAN1 and LAN2 access the Internet without any issue
- LAN2 accesses the DMZ without any issue
- Issue #1: DMZ can ping Google.com but:
  - cannot open a web page, or cannot update my Linux VMs (apt-get does not work, on any of the 3 VMs)
  - Plex cannot connect to the Internet. The WAN interface denies access with a "default deny rule" that I suppose is because of a floating rule (that I can't delete!)
- Issue #2: LAN1 and the Internet cannot access the DMZ (while they should, through for example port 32400 for Plex)

Illustration of issue #1 for Plex (firewall log; the 86.xx IP is my public address, the xx.0.50 IP is my phone from LAN1, the xx.2.18 is my VM1 from DMZ):
cf. image #1

I have tried everything:
- many tries to NAT and FW rules
- enabling a DMZ on my ISP Router and directing flows to the OPNsense WAN address
- and many, many other things (cleared the states, tried Outbound NAT auto reflection, rebooted, etc.)

Any help is very welcome as I'm (quite) new to firewalls and getting a bit crazy with this!

Below are my NAT, Floating rules, WAN, DMZ and LAN settings:
Firewall NAT settings
cf. image #2

Firewall Floating rules
cf. images #3, 4, 5

Firewall WAN settings
cf. image #6

Firewall DMZ settings
cf. image #7

Firewall LAN settings
cf. image #8