I set up my firewall as described in the documentation. I have 2 WAN gateways. My problem is that I am not able to access the "passive" gateway from inside the LAN. Access from outside works via both gateways. When I try to access the passive gateway (192.168.5.1) from inside, the traffic is always routed through the active (192.168.0.1) gateway.
See traceroute:
traceroute to 192.168.5.1 (192.168.5.1), 64 hops max, 52 byte packets
1 10.1.1.1 (10.1.1.1) 0.723 ms 0.384 ms 0.319 ms
2 192.168.0.1 (192.168.0.1) 0.959 ms 0.858 ms 0.859 ms
3 213-146-234-185.xxxx.de (213.146.234.185) 8.447 ms 4.396 ms 15.199 ms
4 ...
The routes to the passive gateway exist in the active routing table:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.5.1 UGS em2
google-public-dns- 192.168.5.1 UGHS em2
google-public-dns- 192.168.0.1 UGHS em1
10.1.1.0/24 link#1 U em0
OPNsense link#1 UHS lo0
localhost link#5 UH lo0
192.168.0.0/24 link#2 U em1
OPNsense link#2 UHS lo0
192.168.5.0/24 link#3 U em2
OPNsense link#3 UHS lo0
Any ideas what I have to do so that I can reach my gateway?
Thanks in advance
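One way to check whether the posted routing table actually explains the traceroute is a longest-prefix lookup against that table and a comparison with the first hop seen after the firewall. The script below is an added example, not code from the thread or from OPNsense; it assumes the routing table text is copied from the post above (entries whose destination was printed as a resolved hostname, such as OPNsense or google-public-dns-, are skipped because the numeric address is not recoverable; `netstat -rn` would print them numerically), and the expected-hop list is taken from the posted traceroute.

```python
import ipaddress

# Constructed copy of the routing table posted above. Destinations that the
# poster's tool resolved to names cannot be matched numerically and are skipped.
ROUTING_TABLE = """\
default 192.168.5.1 UGS em2
google-public-dns- 192.168.5.1 UGHS em2
google-public-dns- 192.168.0.1 UGHS em1
10.1.1.0/24 link#1 U em0
OPNsense link#1 UHS lo0
localhost link#5 UH lo0
192.168.0.0/24 link#2 U em1
OPNsense link#2 UHS lo0
192.168.5.0/24 link#3 U em2
OPNsense link#3 UHS lo0
"""

# Hops after the firewall's LAN address (10.1.1.1), as seen in the posted traceroute.
OBSERVED_HOPS = ["192.168.0.1", "213.146.234.185"]


def parse_routes(text):
    """Parse 'Destination Gateway Flags Netif' lines into (network, gw, flags, netif)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gw, flags, netif = parts[:4]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            try:
                # A bare address becomes a /32 host route; CIDR is kept as given.
                net = ipaddress.ip_network(dest, strict=False)
            except ValueError:
                continue  # resolved hostname, numeric address not available here
        routes.append((net, gw, flags, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific network containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for entry in routes:
        net = entry[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = entry
    return best


def next_hop(routes, dst):
    """Return what the routing table says the next hop for dst should be."""
    best = lookup(routes, dst)
    if best is None:
        return None
    net, gw, flags, netif = best
    # 'G' flag means "via a gateway"; without it the destination is on-link
    # (gateway shown as link#N), so the next hop is the destination itself.
    direct = "G" not in flags
    return {"prefix": str(net), "via": dst if direct else gw, "netif": netif, "direct": direct}


def matches_traceroute(routes, dst, observed_hops):
    """True if the first hop after the firewall is the one the table predicts."""
    expected = next_hop(routes, dst)
    return expected is not None and bool(observed_hops) and observed_hops[0] == expected["via"]


if __name__ == "__main__":
    routes = parse_routes(ROUTING_TABLE)
    print("table says:", next_hop(routes, "192.168.5.1"))
    print("traceroute agrees:", matches_traceroute(routes, "192.168.5.1", OBSERVED_HOPS))
```

For 192.168.5.1 the table picks the connected 192.168.5.0/24 route on em2, yet the traceroute shows the packet leaving via 192.168.0.1 on em1. When the kernel table and the observed path disagree like this, the forwarding decision is being made before the routing table is consulted, which on OPNsense points at firewall rules (policy routing with a gateway set, or rules that only cover one firewall address) rather than at the routes themselves.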
That's how traceroute works. You always reach the next hop and then your rules won't match anymore. Better do a packet capture on the backup WAN to see if packets are leaving correctly.
This is not the answer to my question.
How can I access the gateway router on the passive MultiWAN side?
I'm quite sure you have your anti-lockout rules only for the Firewall1 IP, please double check.
Yes, this was it, now it runs.
Thanks