OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: dcol on June 16, 2022, 08:34:36 pm

Title: Outbound NAT with dual wan
Post by: dcol on June 16, 2022, 08:34:36 pm
I am trying to set up load balancing with two WANs for my LAN network. I followed the guide, but have issues with connectivity and I think it may be because of the outbound NAT settings. I have Outbound NAT set to manual and have a rule that sets the LAN network to one WAN interface and NAT'ing to a virtual IP on one of the primary WAN interface.

One WAN (primary) has static virtual IPs, the other WAN is DHCP.

Do I need to add another Outbound NAT rule for the DHCP WAN?

The other option is to not use multi-WAN group gateways and put the DHCP WAN as the LAN gateway, but how would the Outbound NAT be configured?

To complicate matters, two computers on the LAN must have some ports accessible on the primary WAN.
Title: Re: Outbound NAT with dual wan
Post by: defaultuserfoo on June 18, 2022, 10:31:59 pm
You don't do manual NAT.  Since there isn't a way to make a gateway group the default gateway, OPNsense isn't really multi-WAN capable.

There are some settings which are difficult to find that allow falling back to a gateway which is still active when the default gateway is down, and another one to prevent that or something like that.  Using firewall rules to force traffic through a particular gateway is inadvisable because that circumvents the routing table.

If you want port forwarding on multiple WAN interfaces, add the port forwards on each of these WAN interfaces.

Keep things simple.
Title: Re: Outbound NAT with dual wan
Post by: franco on June 20, 2022, 01:46:14 pm
Quote from: defaultuserfoo on June 18, 2022, 10:31:59 pm
"You don't do manual NAT.  Since there isn't a way to make a gateway group the default gateway, OPNsense isn't really multi-WAN capable."

I'm wondering about the purpose of such an overzealous opening of a reply. Maybe you can divert your energy to clarify existing documentation and add realistic feature requests since I can see you're not really happy with the current situation.


Cheers,
Franco
Title: Re: Outbound NAT with dual wan
Post by: defaultuserfoo on June 20, 2022, 02:18:28 pm
What is "overzealous" about it?  Leaving aside that load-balancing doesn't really work because you can't make a gateway group the default gateway --- or what other way is there --- there is no need to do any outbound NAT for it, so you just don't do it.

I already said that I can't make feature requests when I was told to make them on GitHub because GitHub blocked me a long time ago after they made a change to that effect.

I don't know which documentation you're referring to, and I don't see how I could improve it because I can only go by what this documentation says, by what users on this forum say and by my own guesses and my own experimentation with OPNsense.  That doesn't make me particularly qualified to write documentation; I can only say you don't need to do any outgoing NAT with multiple WAN interfaces because I can see it working without and that load-balancing doesn't really work because there doesn't seem to be any way to do it.  Do you want me to write that into the documentation?

On top of that, my experience with open source projects is that they very seldom fix reported bugs and that they ignore patches when provided or find excuses to do nothing.  So if I were to do anything with the documentation, I would expect it to be ignored, so I won't even try.

And since it obviously pisses you off that I'm trying to help here, I'll just stop and only come back if I have more questions.
Title: Re: Outbound NAT with dual wan
Post by: franco on June 20, 2022, 02:55:54 pm
I can understand the GitHub story and I remember it from before. The result is the same, though: you pass the opportunity to the next person who is probably not as smart as you are.

If multi-WAN doesn't work there is a lot to do either in code or documentation. If nothing happens after the fact then the question is whether "it doesn't work" is really the right conclusion, but I would leave that here for others to evaluate independently.

In any case this could not go without perspective attached.


Cheers,
Franco
Title: Re: Outbound NAT with dual wan
Post by: Patrick M. Hausen on June 20, 2022, 03:09:08 pm
Quote from: defaultuserfoo on June 20, 2022, 02:18:28 pm
"On top of that, my experience with open source projects is that they very seldom fix reported bugs and that they ignore patches when provided or find excuses to do nothing.  So if I were to do anything with the documentation, I would expect it to be ignored, so I won't even try."

Sorry, but this is ridiculous. Even I - a total noob as a PHP coder, although a very experienced sysadmin and network engineer - have submitted a handful of pull requests to OPNsense, which were all addressed in a friendly and supporting manner and finally incorporated into the product. More to be expected.

My coworkers contribute to the TYPO3 and Neos CMS projects all the time as part of their work.

Submit patches, if you can, please.