Giving up on Opnsense - No Internet !!!!

Started by ibexcentral, August 14, 2023, 10:49:16 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 14, 2023, 10:49:16 AM
Problem: Cannot connect to the internet (ISP Static IP > Modem Bridged Modem > OpnSense Atom G5)

ISP Superloop new service connected today with static IP. I don't get it, I have a LAN Interface with the Static IP and DHCP to provide IP's for LAN which is fine. The WAN is set to DHCP for IPv4 and IPv6 and the WAN gets allocated an IP address but I cannot access internet from the LAN?

August 14, 2023, 11:19:12 AM #1
Did you create an outbound NAT rule?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
August 14, 2023, 11:25:30 AM #2 Last Edit: August 14, 2023, 11:47:12 AM by ibexcentral
Quote from: meyergru on August 14, 2023, 11:19:12 AM
Did you create an outbound NAT rule?

Thanks for responding! I have to get the internet working tonight via Opnsense. I have done nothing other than install Opnsense and have igb0 = WAN and igb1 = LAN

Any step by step guidance would be awesome.

The NAT Outbound is already set as the following I didn't change anything:

Automatic rules
       Interface   Source Networks   Source Port   Destination   Destination Port   NAT Address   NAT Port   Static Port   Description
      WAN   LAN networks, Loopback networks, 127.0.0.0/8   *   *   500   WAN   *   YES   Auto created rule for ISAKMP
      WAN   LAN networks, Loopback networks, 127.0.0.0/8   *   *   *   WAN   *   NO   Auto created rule
August 14, 2023, 12:31:54 PM #3 Last Edit: August 14, 2023, 12:34:29 PM by ibexcentral
I get the following from the dashboard, the IP's get allocated but not traffic:



August 14, 2023, 01:14:30 PM #4 Last Edit: August 14, 2023, 01:17:40 PM by meyergru
Quote from: ibexcentral on August 14, 2023, 11:25:30 AM
Quote from: meyergru on August 14, 2023, 11:19:12 AM
Did you create an outbound NAT rule?

Thanks for responding! I have to get the internet working tonight via Opnsense. I have done nothing other than install Opnsense and have igb0 = WAN and igb1 = LAN

Any step by step guidance would be awesome.

The NAT Outbound is already set as the following I didn't change anything:

Automatic rules
       Interface   Source Networks   Source Port   Destination   Destination Port   NAT Address   NAT Port   Static Port   Description
      WAN   LAN networks, Loopback networks, 127.0.0.0/8   *   *   500   WAN   *   YES   Auto created rule for ISAKMP
      WAN   LAN networks, Loopback networks, 127.0.0.0/8   *   *   *   WAN   *   NO   Auto created rule

That are not the needed rules. You will have to have an outbound NAT rule that translates all LAN traffic from LAN net directed at WAN to use your public WAN interface IP.

Normally, it suffices to have "hybrid outbound NAT" checked under "Firewall: NAT: Outbound", however, I prefer to create such rules explicitely. Also, there are some default firewall rules that are created for LAN which get lost if you rename the interfaces afterwards.

You can check if the problem is NAT by trying an update from OpnSense itself. If that works, it is proof that internet access works from the box, but not from the LAN.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
August 14, 2023, 03:53:06 PM #5
You shouldn't need to do anything with NAT, but I'll echo that you should try doing an update from OPNSense to confirm that it's able to access the internet.

Are you able to access the bridged modem UI from LAN?  Are you getting a public IP on your OPNSense WAN?
Print
Go Up Pages1
User actions