If you change the IP address of the routing interface from DHCP to fixed, commun

[syuhei]

I have set up two OPNsense machines and connected multiple networks.
In OPNsense8 and OPNsense7, DHCP is running on the LAN side interface.
When the IP address on LAN8(192.168.8.254) of OPNsense7 is obtained via DHCP, it works as expected.
Pings can be sent to all IP addresses from 192.168.7.100, and the Internet can be accessed.

However, if you statically assign the IP of LAN8 (192.168.8.254) on OPNsense7, communication will not be possible.
When statically assigning an IP, 192.168.8.1 is registered as the upstream gateway in the system gateway, and is also recognized as the DefaultGateway in the status.

The ping results are as follows:
192.168.7.100 -> 192.168.8.100  OK
192.168.7.100 -> 192.168.8.1    OK
192.168.7.100 -> 192.168.0.8    OK
192.168.7.100 -> 192.168.0.100  NG
192.168.7.100 -> 192.168.0.1    NG

[patient0]

Let's recap, working setup if OPNsense 7 get's WAN IP from DHCP:

OPNsense8 :
- WAN IP  : 192.168.0.8
- LAN IP  : 192.168.8.1/24

OPNsense7 :
- WAN IP  : 192.168.8.254 (if DHCP)
- LAN IP  : 192.168.7.1/24

If OPNsense7 gets its IP using DHCP, it receives the gateway by DHCP, too. If you set the WAN IP on OPNsense7 as static you have to create and set a gateway yourself.

The way you describe it, you have assigned the OPNsense WAN IP statically but you have not created and assigned a gateway.

[syuhei]

Thanks for the advice.

However, the gateway is configured manually.
The proof is that I can ping 192.168.0.8.

[patient0]

And is NAT setup on OPNsense8 for traffic leaving through NAT, e.g. with what IP does the ping arrive at OPNsense7 LAN 192.168.0.8?

Btw: To get to 192.168.0.8 there is not much routing necessary. The not-LAN traffic on OPNsense7 is send to gateway 192.168.8.1/OPNsense8 and on OPNsense8 192.168.0.8 is an interface address.

[syuhei]

NAT is running on the WAN interface of OPNsense8.
WAN is disabled in OPNsense7 and NAT is not running.

192.168.0.100 -> 192.168.8.100  NG
192.168.0.100 -> 192.168.7.100  NG
192.168.8.100 -> 192.168.0.100  OK
192.168.8.100 -> 192.168.7.100  OK
192.168.7.100 -> 192.168.8.100  OK
192.168.7.100 -> 192.168.0.100  NG

When using DHCP with the LAN8 interface of OPNsense7, everything communicates normally.
When setting a fixed IP address, I thought all I needed to do was set the DefaultGateway in OPNsense7, but is that wrong?

[patient0]

> 192.168.0.100 -> 192.168.8.100  NG

192.168.0.100 is on the WAN of OPNsense8 and all traffic from LAN OPNsense8 192.168.8.0/24 will be NAT-ted to the OPNsense8 WAN IP 192.168.0.8. From the view of the "world (OPNsense8 WAN net and the rest of internet) 192.168.8.0/24 doesn't exist, only 192.168.0.0/24.

> 192.168.0.100 -> 192.168.7.100  NG
same as above, but even more not-visible

> 192.168.7.100 -> 192.168.0.100  NG

If there is really not NAT on OPNsense7 (what does "WAN disabled" mean?) then I don't know how it would work with DHCP.

OPNsense8 only knows about it's WAN net 192.168.0.0/24 and LAN net 192.168.8.0/24. If you have not added a static route on OPNsense8 to send traffic from 192.168.7.0/24 back to 192.168.8.<OPNsense7 WAN IP> then OPNsense doesn't know where to send traffic originating from 192.168.7.0/24 and will send it out OPNsense8 WAN (and the LAN firewal has to allow traffic from "other-than-LAN net").

If you have added the static route on OPNsense8 for OPNsense7 LAN, you will have to add firewall rules to allow such traffic on OPNsense8 and OPNsense7.

You can use tcpdump or package capture in OPNsense GUI to verify where the traffic goes.

[syuhei]

There is no NAT between OPNsense7 and OPNSense8, it is just routing.
Therefore, 192.168.7.100 <-> 192.168.8.100 can ping each other.

The interface configuration of OPNsense7 is as shown in the figure.

[syuhei]

An Any OK firewall rule has been set for all LANs on OPNsense7 and OPNsense8.
A route for 192.168.7.0/24 has also been added to OPNsense8.

[patient0]

Then I don't know, I guess it's time to use tcpdump to see where the package(s) go and where they stop.