1d10t's First Post

[1d10t]

Okay, so I thought I had a working knowledge of networks and core network services but I have a extremly stupid question.
So I have konsense fired up, intial config done and can't get out to the inter webs. The anti lock out rules are on but hosts on the internal network can not go out.

My test config: dsl router outbound and inbound - firewall- internal protected network.

dsl ip 192.168.178.1  fw to dsl ip 192.168.178.91 (internal) 192.168.1.1
(ping at the shell level works for 8.8.8.8 and isp dns servers. But internal network doesn't.

What the heck is the right DNS config and why was my lisp dns server that I input into settings not working?
So I tried, dns server of isp into dns server entry of settings, tried allow dns server list to be overridden by dhcp/ppp on wan (didn't work) turned if off (didn't work).

Am I missing a rule on wan for port 53? I thought a dns forwarder forwards the requests to the dsl router then sip dns servers but somehow I  am missing something really obvious and I am a noob.

I'd appreciate a simple answer, if I have to enable NAT and then all works, fine but I have not seen any recommended docs on the correct dns config anywhere (I am most certainly blind). Again sorry for the stupid question.

1D10T

[fabian]

you need to configure a static route in your router so it sends the packets to your hosts via the wan IP of your firewall as a next hop if you don't use NAT on OPNsense.

Kind regards

Fabian