new lan not getting access to internet

Started by bloodyskullz, October 11, 2023, 04:09:40 AM

Hey,

So I am not a networking expert, but I am hoping to get some assistance with an issue I am dealing with. Currently I have a mini PC with multiple ports, and one port I labelled as a LAN port with subnet 10.0.0.0/24; the main LAN is 192.168.1.1.

I can't seem to get internet going on this LAN and I think my rules are wrong; even a simple ping would work for a bit and then fail entirely.

I currently have the LAB network, any port going to the WAN address as destination with any port for port and gateway.

Is that the wrong rule?

For Internet access, destination must be 'any', not 'WAN address'.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

As Maurice said, the destination field in the rule can't be WAN for this; "WAN address" specifies the FW WAN interface IP.

So by your rule only traffic to the WAN IP is permitted, not traffic to the Internet. You need to put ANY, or, if you want only Internet access while blocking LAN communication between hosts, you can do it via an Alias using inverse match in the rule.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

I just made the change and I still can't seem to load any webpage. Do I need to have any other rules for internet access?


OPNsense is on a physical machine, a tiny mini PC with 6 ports. I plugged a laptop directly into it and it's getting a DHCP lease but no access to the internet.

I asked because I had a similar problem on a VM.
I solved the problem by restoring the hard disk from a backup of 4 days ago.

Quote from: bloodyskullz on October 11, 2023, 04:09:40 AM
[...] and gateway.

Did you specify a gateway in the firewall rule? Don't do that unless you know what you're doing (policy-based routing).

Quote from: Maurice on October 11, 2023, 06:01:29 PM
Quote from: bloodyskullz on October 11, 2023, 04:09:40 AM
[...] and gateway.

Did you specify a gateway in the firewall rule? Don't do that unless you know what you're doing (policy-based routing).

Currently set to default at the moment.

Please show your interface definition and its rules.
Also your DNS settings for the system and your resolver, i.e. Unbound or whatever you set up.
Any diagnostics done so far would be helpful, like a dig or nslookup from a client on the new network.

October 11, 2023, 11:24:08 PM #10 Last Edit: October 11, 2023, 11:35:55 PM by bloodyskullz
Sorry but are you looking for screenshots or a CLI output?

The only DNS settings I have made were for the DHCP scope, which is the same as what I did for the main LAN (multiple ports are set up via LAN bridge mode).

I don't know what Unbound is and I never messed with any of those settings.

Tracert results from a Windows system:

C:\Windows\System32>tracert 1.1.1.1

Tracing route to 1.1.1.1 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
10     *        *        *     Request timed out.
11     *        *        *     Request timed out.
12     *        *        *     Request timed out.
13     *        *        *     Request timed out.
14     *        *        *     Request timed out.
15     *        *        *     Request timed out.
16     *        *        *     Request timed out.
17     *        *        *     Request timed out.
18     *        *        *     Request timed out.
19     *        *        *     Request timed out.

May we see your specific rules for this LAN?
Deciso DEC697
+crowdsec +wireguard

Screenshot of the rules section for the Lab portion is attached

The direction of the first rule is wrong. This must be an 'in' rule (from the LAB net into OPNsense).
This also makes the second rule redundant.
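To make the advice in this thread concrete, here is how the three variants discussed (destination "WAN address", destination "any", and the inverse-match alias) look in pf syntax, which is what OPNsense generates from its GUI rules. This is an added example, not taken from the thread or from OPNsense itself; the interface names igb0/igb2 and the table name are assumptions, not the poster's actual configuration.

```pf
# Added example (not from the thread): the LAB rules in pf syntax.
# Assumed interface names: LAB is igb2 (10.0.0.0/24), WAN is igb0.
lab_if  = "igb2"
wan_if  = "igb0"
lab_net = "10.0.0.0/24"

# Alias for the private ranges, used by the "inverse match" variant below.
table <private_nets> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# WRONG (the original rule): "($wan_if)" expands to the firewall's own WAN
# IP, so only packets addressed to that IP match; 1.1.1.1 never does.
# pass in quick on $lab_if inet from $lab_net to ($wan_if) keep state

# CORRECT (Maurice): direction "in" on the LAB interface, destination any,
# and no gateway (no route-to), so the default route is used.
pass in quick on $lab_if inet from $lab_net to any keep state

# ALTERNATIVE (S.): Internet only, LAB cannot reach other internal subnets.
# Replace the rule above with these two. The DNS rule must come first,
# because "! <private_nets>" would otherwise also block the LAB clients'
# own gateway at 10.0.0.1, where Unbound answers their queries.
# pass in quick on $lab_if inet proto { tcp udp } from $lab_net to ($lab_if) port 53 keep state
# pass in quick on $lab_if inet from $lab_net to ! <private_nets> keep state
```

A quick way to check what the GUI actually produced is `pfctl -sr` on the OPNsense shell and comparing the generated LAB rule against the forms above: if its destination is a single host address rather than `any` or a negated table, it is still the "WAN address" rule.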

I'm confused as to how this actually worked (ignorance kicking in at the moment), as it isn't making sense to me.

For "Alternate hostnames" I specified both my LAN and LAB gateways which allows me to ping both subnets but the traffic to each should still be segregated right?