Edit: Due to assistance from @greelan, I've updated the post with current changes.
Old pfSense user, migrating to OPNsense.
I have two WAN connections.
1. Gig Fiber - WAN
2. Backup Spectrum cable - OPT1
My default upstream is my Fiber.
I have successfully been able to route all of a client's traffic over OPT1.
I'm having trouble routing ALL machines on the LAN to OPT1 based on site destination.
For example. Machine1 is set to route all traffic over OPT1. Works.
Machine 2 should route over the OPT1 for specified destinations/sites and use the WAN for everything else.. Does not work.
I have aliases create called:
1. SpectrumClients The hosts in this group (LAN Ips) should have all traffic router over OPT1. Currently Works.
2. SpectrumDestinations. These are the URLs/Ips that ALL machines, even those that typically use the WAN, should use OPT1 to reach.
This will apply to my VPN too (both scenarios) but I thought I start with this to remove the VPN tunnel from the problem. A use case for this would be that I can watch TV on my machine, but I have to be on the spectrum internet side. So, I want to leave my machine using the default gateway (WAN) but route the IPs for the soft TV over OPT1. I have the gig/gig connection for normal use, but TV traffic moves to the spectrum cable line (OPT1) It's really for the VPN, but I figured it would be easier to start with this one.
I have two rules that I use for the (working) 'route the entire client' scenario.
1. Rule 1 - Disabled[/b]
a. Pass
b. Interface: LAN
c. Direction: IN
d. Source: SpectrumClients
e. Destination: This firewall
f. Gateway: default
2. Rule 2
a. Pass
b. Interface: LAN
c. Direction In
d. Source: SpectrumClients
e. Destination: Any
f. Default Gateway: OPT1
I've tried several different modifications, but no luck on routing all machines over the OPT1 for specific sites.
Any suggestions on what I need to create (or copy/modify) based on the rules above? Of course SpectrumClients would change to SpectrumDestinations.
I am so thankful for any help or guidance.
Maybe an outbound NAT issue?
BTW, not sure I understand what Rule 1 is doing.
Honestly, that is two of us. I had assistance on that part.
I'll disable it today and see if my routing still works. for the 'entire machine' routing.
Quote from: Greelan on March 10, 2021, 12:56:13 PM
Maybe an outbound NAT issue?
BTW, not sure I understand what Rule 1 is doing.
I've disabled it, and it still seems to route. I'm going to update the thread topic. Can you expand a bit on nat and what you think the rule might look like for site specific router and outbound NAT?