Hello.
A few days ago I set up an OPNsense box and split my network into a LAN and a DMZ. And I can't for the life of me reach my two Minecraft servers from the internet. Before I set up OPNsense I had them working fine behind my Netgear router with DynDNS and port forwarding. I'm no stranger to configuring a network and having a segregated LAN and DMZ, but the last time I did this was over 10 years ago, using Smoothwall Express. So I'm rusty...
Anyway. I'll describe my network as best I can.
Hardware: The OPNsense box has three physical NICs, so I'm not using a VLAN.
NIC0: WAN - 192.168.1.0/24
NIC1: LAN - 192.168.10.0/24
NIC2: DMZ - 10.0.0.0/24
The server (Proxmox) has two physical NICs.
NIC0: LAN - 192.168.10.0/24
NIC1: DMZ - 10.0.0.0/24
I also have two Netgear switches, one 5-port and one 8-port, and a Netgear Wi-Fi router with 4 LAN ports.
The 5-port switch connects the DMZ and the 8-port switch connects the LAN and the Wi-Fi router. The WAN is connected to my ISP's router.
Configuration: I'm using Dynamic DNS (No-IP) to host my domain. Let's call it "mydomain.com". I've set up two subdomains, one for each server: "creative.mydomain.com" and "survival.mydomain.com".
The two virtual servers are configured as follows:
creative - IP: 10.0.0.27 Port: 25565
survival - IP: 10.0.0.26 Port: 25566
Both servers get their IPs from DHCP, but they are static leases. From the game, I can connect to both servers from my LAN using "creative.mydomain.com" and "survival.mydomain.com", and they both respond to ping using their IPs, hostnames and full domain names.
Before I set up the OPNsense box, the servers could be reached from the internet, so as far as I know, both the servers and the No-IP configuration should be. The problem is my OPNsense configuration. I've tried various firewall rules, NAT settings, and DNS settings, but I just can't seem to get it right...
I've reset most of the settings back to the defaults now, to start from scratch and not confuse myself. So at the moment my configuration is very basic and as follows:
Screenshots (not reproduced here): Firewall-Rules-DMZ, Services-DHCPv4-Leases, Services-Dynamic-DNS, Services-Unbound-DNS-General
Other than this, the configuration is default, as it is "out of the box". Unless there's something I messed with and forgot to revert back.
There's probably just some obvious basics I don't understand. Any pointers would be appreciated. Let me know if I left out some vital information and I'll provide it.