Is it possible to host a public file server from just one specific WAN gateway when I have two WAN gateways attached?
See attached diagram.
My two WAN connections:
- WAN1: IPv6 with a static public IP address, plus IPv4 using CGNAT (no public IP address)
- WAN2: IPv4 with a static public IP address, no IPv6
I have these configured in OPNsense as a failover multi-WAN group with WAN1 as primary.
The problem is that I have external clients who need to reach the file server, but they themselves are on IPv4-only connections and therefore cannot reach the file server, which spends 99% of its time on the IPv6 connection only.
Is there a way to allow external IPv4 clients to reach that internal file server while keeping the failover multi-WAN policy in place?
Are VLANs the answer?
Solved:
- DNS: your.domain:
  - A record points to WAN2 IPv4 public address
- Static Route:
  - Not needed
- Firewall > NAT > Port Forward > + Add
  Interface: WAN2
  TCP/IP Version: IPv4
  Protocol: TCP
  Destination: This Firewall
  Destination Port Range: <port> -> <port>
  Redirect target IP: <file_server>
  Redirect target port: <port>
  NAT reflection: Use system default [enabled]
- Firewall > Rules > LAN > + Add
  Action: Pass
  Interface: LAN
  Direction: in
  TCP/IP Version: IPv4
  Protocol: TCP
  Source: <file_server>
  Destination: any
  Destination port ranges: any -> any
  Gateway: WAN2
- Firewall > Rules > WAN2 > + Add
  This will get automatically created:
  Protocol: IPv4, TCP
  Destination: <file_server> : <port>
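
One way to verify the setup above from an outside, IPv4-only vantage point (an added example, not part of the original post): it resolves A records only, compares them with the WAN2 address, and attempts a TCP connect to the forwarded port. The function name is hypothetical, and the host, port and expected WAN2 address are values you supply.

```python
import socket


def check_ipv4_service(host, port, expected_ip=None, timeout=3.0):
    """Resolve host to A records only and try a TCP connect over IPv4.

    Returns a dict with:
      addresses - IPv4 addresses the name resolves to
      dns_ok    - True if A records exist and (when expected_ip is given)
                  the only address returned is the WAN2 public address
      reachable - addresses that accepted a TCP connection on the port
    """
    result = {"addresses": [], "dns_ok": False, "reachable": []}
    try:
        # family=AF_INET restricts resolution to IPv4, as an IPv4-only client sees it
        infos = socket.getaddrinfo(host, port, family=socket.AF_INET,
                                   type=socket.SOCK_STREAM)
    except socket.gaierror:
        return result  # no A record: IPv4-only clients cannot resolve the name

    addrs = sorted({info[4][0] for info in infos})
    result["addresses"] = addrs
    # A stray A record (for example one pointing at the CGNAT side) fails this check
    result["dns_ok"] = bool(addrs) and (expected_ip is None or addrs == [expected_ip])

    for addr in addrs:
        try:
            # Completing the handshake shows the WAN2 port forward and pass rule work
            with socket.create_connection((addr, port), timeout=timeout):
                result["reachable"].append(addr)
        except OSError:
            pass  # refused, filtered or timed out
    return result


if __name__ == "__main__":
    import sys
    # usage: python check.py <hostname> <port> [expected WAN2 IPv4 address]
    host, port = sys.argv[1], int(sys.argv[2])
    expected = sys.argv[3] if len(sys.argv) > 3 else None
    print(check_ipv4_service(host, port, expected))
```

Run it from a host outside the network; a test from the LAN exercises NAT reflection rather than the WAN2 path.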