26.1.7_3 - Firewall Logs all show SRC as GW IP

Started by zartoz, May 08, 2026, 10:23:34 PM

Caveat up front, new to OPNsense.  Coming over from Untangle.

I have everything functional and started testing out cutting over but I am struggling with getting Firewall Logs to show the Source IP as my 10. internal network.  Everything is being shown as Pass with the rule "let out anything from firewall host itself (force gw)"

I do have dual WAN setup with a Group.

All the entries show the Gateway Interface IP as the Source IP.  I have tried changing the Outbound NAT from Auto to Hybrid and Manual and back again with no change.  I know I am missing something simple.  I did install Zenarmor and that can report out the LAN IP traffic so at least I have some visibility there.

Happy to output anything or try anything that would help troubleshoot, as I haven't fully cut over yet and am still testing.

A fresh install of 26.1.2 sets the mode to Disable outbound NAT rule generation (outbound NAT is disabled).

With 26.1 we now use Source NAT and Destination NAT.

I would suggest you create your outbound NAT rules using Source NAT and enable the Log option there.

When creating rules, you can enable the Log option too.

The default installation includes two rules on the LAN interface which have the Log option disabled by default. To enable logging of these rules, go to Firewall -> Rules [new]:

  • Enable Inspect
  • Enter LAN network in the search field
  • Click on link under Commands for Default allow LAN to any rule and enable logging, then save
  • Click on link under Commands for Default allow LAN IPv6 to any rule and enable logging, then save