Hello and I'm sorry to bother here with my lack of competence, but it's my first time now trying around with OPNsense and so far everything works fine.
I just encountered an Problem I don't know how to solve.
I use OPNsense with 2 WAN Interfaces from 2 different ISP's in load balancing. The Network speed is awesome and really happy with the result. One of the WAN's has a static IP and for some personal projects I would need to bind certain Local Devices to only use the Gateway with the static IP. I coudn't figure out how to limit certain Local Devices to only use a designated Gateway. Before I switched to OPNsene I been using an Asus MerlinWRT router and there was the Routing Rules Option with Dual WAN to limit certain local IP's to one of the WAN's.
Is there a way to do the same in OPNsense ?
Policy based routing is the way to go.
Create a pass any rule for the internal interface/ LAN, select the devices that should route to the specific GW as source and select the gateway at the end of the rule-config-screen. Place this rule above "default allow" rule.
To select multiple devices following this route, create an alias containing the IPs or (preferred) MACs of the devices. Use this alias as source in the FW rule.
Thank you I'll try it out now :)
Quote from: tiermutter on October 19, 2022, 08:19:50 PM
Policy based routing is the way to go.
Create a pass any rule for the internal interface/ LAN, select the devices that should route to the specific GW as source and select the gateway at the end of the rule-config-screen. Place this rule above "default allow" rule.
To select multiple devices following this route, create an alias containing the IPs or (preferred) MACs of the devices. Use this alias as source in the FW rule.
Ok so I tired it out and added the Alias with the MAC's to the Rule and set up the rule to pass any trafic to a specific GW. But still the Devices don't use the right GW.
Looks good so far. Is it possible that the traffic is ipv6, causing your v4 rules to not be taken into account?
I am mostly sure the trafic is not ipv6 but yeah still don't know what the problem is. :-\
How did you check where the traffic goes out?
For those routing purposes (I am only routing v4 to specefic GW) I created a v6 block rule, blocking v6 for the alias to ensure v6 will never be used an routed to other GW.
This works for me for multiple devices (one ruleset is only used temporarily):
(https://forum.opnsense.org/index.php?action=dlattach;topic=30742.0;attach=24002)
Thank you but it was my own fault, my dumb ass set up the alias wrong and now it works fine. My apologies for the troubles. Have a nice day.