Only able to get internet with an "Any Any" rule.

[TinCanCodings]

Howdy!

I am coming from a pfsense network to OPNsense.

I am in a state of confusion where I can get my network working with an "any any" firewall rule, but I feel I can do better.

My network is essentially a 10.13.0.0/16 network. The core is an HP procurve 2910. I have intervlan routing enabled between my vlans on the switch.

Vlan3 transit - 10.13.0.0/29 gw 10.13.0.6 (procurve ip)

Vlan2 core - 10.13.2.0/24 gw 10.13.2.254

Vlan4 workstation - 10.13.4.0/24 gw 10.13.4.254

OPNsense on 10.13.0.5

Pfsense on 10.13.0.2

My network setup is isp -> unmanaged switch -> OPNsense -> unmanaged switch -> untagged vlan3 on my procurve. From the transit network, traffic flows freely. The unmanaged switches are there as I transition from one router to the other.

The way set up,I do not send internal traffic through pfsense or OPNsense to go between vlans. All traffic is untagged to vlan3.
In pfsense I set up static routes back to each network, connected to a LAN gateway on 10.13.0.6

Nat simply works, but I see rules automatically crafted in pfsense, but not being crafted in OPNsense,which is where I am getting lost I think.

I feel when the answer is revealed I'm going to have a face palm moment.

[Patrick M. Hausen]

In OPNsense you also set up routes to the LAN/VLAN gateway, i.e. your layer 3 switch?

If yes, then what is probably missing is outbound NAT. OPNsense only creates NAT rules for directly connected interfaces automatically. Not for statically routed internal networks. Switch the NAT to "hybrid" and add outbound NAT rules on WAN.

[TinCanCodings]

Right - which makes sense. Static Route would need to understand how to respond to the nat request, or at least where to send it.

These are my nat rules - I think they are correct?