OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: Antonio76 on April 28, 2021, 07:23:07 pm
-
Hello Community,
My first post here. Nice to meet you all.
I moved to OPNsense 2 days ago from pfSense, due to the NAT stability issue in the 2.5.1 version.
I'm very happy with OPNsense and I would love to stick with it.
Problem:
For the LAN subnet which hosts some Docker boxes, I need to create an outbound FW rule, and the advanced options offer the possibility to select which GW to use. In pfSense this works out of the box. I have an ISP GW (standard) and an OpenVPN GW (for services like NordVPN and similar).
However, in OPNsense, I got the following error: Policy-based routing (gateway setting) is only supported on inbound rules.
So first of all, why offer this option if it is not supported? No need for an answer here :).
Second, how can I achieve the same goal with OPNsense? The information available on this issue is very scarce to find.
Thanks in advance for the help and clarification.
best regards,
-
In / out is always from the firewall's perspective. In your case, an "out" rule on the LAN interface would mean from OPNsense out to the dockers box. Which is not what you want for PBR. An "in" rule is correct: From the dockers box into OPNsense (and then onwards to the selected gateway).
"The information available on this issue is very scarce to find."
While https://docs.opnsense.org/ is not perfect, the firewall direction and PBR basics should be covered there.
Cheers
Maurice
-
The help text for “Direction” in the FW rules has also been enhanced in 21.1.5 to explain IN and OUT in more detail, to seek to overcome this confusion :)
-
Many thanks for the support. I will definitely look at this from the FW perspective.
I have already tested with the option "In" rather than "Out" with little success, but I will double-check to be sure once again.
cheers,