21.1 Legacy Series / How can I exclude individual devices from accessing the backup connection?
« on: July 23, 2021, 03:17:19 pm »
Hi,
Currently OPNsense 21.1.8_1 is in use.
I use a multi-WAN failover configuration with a fast DSL (but not so reliable) connection with 160 Mbit (Gateway Prio 254) and a fallback LTE connection with 15-30 Mbit (depending on weather) (Gateway Prio 255).
The two ports are entered as a failover group in OPNsense. The failover works well in this respect. Unfortunately, LTE data rates are expensive in Germany and always have low data limits.
Furthermore, the DSL line often fails during summer storms and the local ISP is difficult or impossible to reach on weekends, so repairs sometimes take until Tuesday.
During the last time when the DSL was down again, one of my game consoles (unnoticed) started to download a big next-gen game update and quickly reached the data limit on LTE (what a joy throttled 64kBit/s are).
So now I want to set up a block for several devices in the house (on different VLANs/interfaces) so that they are not allowed to use the replacement connection.
The devices mostly use standard ports or ports that are also used by other devices that should not be blocked. However, I cannot specify a gateway directly in the port rules.
So how can I force a single device to access the Internet only via DSL without affecting the numerous other pass and block rules (which should remain valid)?
Is there a way to force the gateway as desired? If yes, how?
Best regards,
Manuel