Can not get on the Internet LAN Side, but OPNSense itself can Ping 8.8.8.8

[fbeye]

Hello. It appears that 1:1 works best for one LAN Network..I am sure it is more complex but for me seems not what I need as you say.

I understand what you say for Outbound NAT... I will create OB NAT assigning LAN Networks to their respective WAN IP's. Would there be a preference to use BINAT on that?

I will go home and attempt all this and I am sure I will have better success, I am betting me making 1:1 really messed it up for me.

One more question [for now];

Being these 6 Networks reside/are hosted on the SG350XG via GE 1/1 172.16.2.2 and is connected to OPNSense LAN Interface 192.168.2.1, I need to create static routes on OPNSense to tell it where to find these Networks but I see that to create a static route I need a Gateway aside from "null".
Would this Gateway be the IP of the OPNsense LAN Interface IP 172.16.2.1 or the SG350XG IP 172.16.2.2...I am thinking in terms of usually I just create the "next hop" where to find the Networks and never really dealt with having to create a Gateway for the routes..

[Patrick M. Hausen]

Hello. It appears that 1:1 works best for one LAN Network

No! Unless you have a public network of exactly the same size, 1:1 does not work.

Internal: network, probably /24, possibly /16
External: single IP address

That's outbound. Always. No binat, no 1:1.

Networking fundamentals, not in any way OPNsense specific.

[fbeye]

Ahhh alright, I got ya. Thank you.

[dseven]

Being these 6 Networks reside/are hosted on the SG350XG via GE 1/1 172.16.2.2 and is connected to OPNSense LAN Interface 192.168.2.1, I need to create static routes on OPNSense to tell it where to find these Networks but I see that to create a static route I need a Gateway aside from "null".
Would this Gateway be the IP of the OPNsense LAN Interface IP 172.16.2.1 or the SG350XG IP 172.16.2.2...I am thinking in terms of usually I just create the "next hop" where to find the Networks and never really dealt with having to create a Gateway for the routes..

The gateway is the next hop. OPNsense already knows what its own IP address is - it's the next hop that it needs to know the address of.

[fbeye]

Cool thank you.

I will let ya all know of my success or other questions, thanks.

[fbeye]

Well I clearly done something wrong or missed something.. Currently, OPNSense itself can ping internet and even get updates, but my LAN can do nothing.

[fbeye]

Also

[fbeye]

Last 1

[dseven]

Do you have an "allow" rule on your LAN interface to cover this source subnet?

[fbeye]

Other than what was already put in by default I never did any rules on LAN. Was not aware I needed one outbound

[fbeye]

Alright that seems to have worked, for the 1 Network.
Now, all 6 Networks all reside through the same location as the [working] 192.168.5.0] but the other 5 Networks timeout, no internet connection. All Outbound NAT and LAN Access rules are copied from the working 192.168.5.0 [obviously changing the important stuff] but they do not connect.

Also, my wifi light keeps going red,but keeps internet.

[fbeye]

Also, 2 new photos for comment above.

[fbeye]

GOT IT!

On Interfaces:LAN: Gateway Rules: I had to select the Gateway to the SG350XG, now everything works and I verified each Network is using it's dedicated WAN so, AWESOME..
Thank you all posters for helping and being patient, believe me it inspired me to continue.