Problem with new Firewall

Started by Matt_K, February 20, 2026, 05:28:51 PM

I just set up a new OPNsense firewall and I'm running into a weird connectivity issue.

WAN and LAN both appear to be configured correctly (at least partially).
From my PC on the LAN, I can access the firewall GUI without any issues.
The firewall itself has full internet access — it can ping external hosts, check for updates, and install them successfully.

However, my LAN clients cannot access the internet at all.

Some additional details:

I have not created any custom firewall rules.
The default "allow LAN to any" rule is present and appears to be working.
I can see traffic hitting that rule (including outbound attempts to port 443).
The traffic graph shows some activity going out.
From the LAN side, everything works up to the firewall — but nothing beyond it.
On the client side, all internet requests just time out completely.

At this point, it feels like traffic is leaving the LAN and passing through the firewall, but return traffic is not making it back to the client — almost like a routing or NAT issue.

Has anyone run into something like this before or have suggestions on what I should check next?

Quote from: Matt_K on February 20, 2026, 05:28:51 PM
However, my LAN clients cannot access the internet at all.

What doesn't work EXACTLY ?!

Post some ping/tracert/traceroute/dig/drill/nslookup output for example !!
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

First, @nero355 is right, see point 8 here.

That being said, this sounds like a router-behind-router scenario where you forgot to have outbound NAT on your OPNsense such that the returning packets do not get back because the front router does not know about your LAN subnet, see point 4 here.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
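
One way to test the missing-outbound-NAT theory from the reply above, as an added example that is not part of the thread: capture on the OPNsense WAN interface with `tcpdump -n` and check whether LAN source addresses show up there untranslated and unanswered. The LAN subnet 192.168.1.0/24, the WAN address 10.0.0.2 and the sample capture lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# tcpdump -n line for TCP/UDP: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
# Lines without ports (ICMP, ARP) do not match and are skipped.
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed sample, as if captured on the WAN interface (not from the thread).
SAMPLE_WAN_CAPTURE = """\
17:30:01.000101 IP 192.168.1.50.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
17:30:02.000455 IP 192.168.1.50.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
17:30:02.500120 IP 10.0.0.2.40112 > 198.51.100.7.443: Flags [S], seq 9, win 65535, length 0
17:30:02.520877 IP 198.51.100.7.443 > 10.0.0.2.40112: Flags [S.], seq 5, ack 10, win 65535, length 0
17:30:04.000902 IP 192.168.1.50.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
"""

def diagnose(capture, lan_cidr, wan_ip):
    """Classify a WAN-side capture: do LAN addresses leave WAN without NAT?"""
    lan = ipaddress.ip_network(lan_cidr)
    wan = ipaddress.ip_address(wan_ip)
    leaked = {}        # untranslated LAN source address -> packets seen on WAN
    answered = set()   # local addresses that received at least one inbound packet
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3])
        if src in lan:
            leaked[str(src)] = leaked.get(str(src), 0) + 1
        if dst == wan or dst in lan:
            answered.add(str(dst))
    unanswered = sorted(ip for ip in leaked if ip not in answered)
    if unanswered:
        verdict = "LAN sources leave WAN untranslated and get no replies: check outbound NAT"
    elif leaked:
        verdict = "LAN sources are routed without NAT and upstream answers them"
    else:
        verdict = "no LAN source addresses on WAN: outbound NAT is translating"
    return {"leaked": leaked, "unanswered": unanswered, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_WAN_CAPTURE, "192.168.1.0/24", "10.0.0.2"))
```

In the constructed sample the firewall's own connection from 10.0.0.2 is answered while the client's repeated SYNs from 192.168.1.50 are not, which matches the symptoms in the first post.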

I also performed a migration to the new firewall. However, I have to say that I'm not having any problems with clients accessing the internet or anything like that. You might have a rule that's preventing your clients from accessing the internet through OPNsense. Remote diagnostics are very difficult in this case with so little information.

What exactly happens when you try to access the internet with a client? What is logged in the firewall?

Because otherwise, I think this is just a guessing game.

Best regards