OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: whitwye on August 18, 2017, 04:29:37 pm

Title: With gateway group for Multi WAN set, LAN traffic doesn't follow static routing
Post by: whitwye on August 18, 2017, 04:29:37 pm
We have a LAN using several subnets, some in 172.17.0.0/16, plus one in 192.168.1.0/24. Nagios runs from an IP in the latter. With a gateway group set as the gateway for the LAN firewall rule, as the Multi WAN doc says to do, the static route set up to send 192.168.1.0/24 traffic to the LAN gateway fails.

Should I take it this is just how it works, that static routing gets overridden by any use of gateway groups, so that achieving the results that would normally be done through static routing instead requires special firewall rules? If so, are they then required on each interface, or will floating handle it?
Title: Re: With gateway group for Multi WAN set, LAN traffic doesn't follow static routing
Post by: whitwye on August 18, 2017, 05:29:29 pm
Adding rules doesn't work either for this. Above the any-any rule with the gateway group as the gateway selection I've added two rules for the LAN. One is for any traffic to 192.168.1.0/24 to use the explicit LAN gateway (by IP), the other is for the 192.168.1.0/24 traffic to use the "default" LAN gateway. But pings from within 192.168.1.0/24 are not returned. Only switching the any-any rule which follows from the gateway group to "default" allows connections between the OPNsense box and 192.168.1.0/24 to work. But of course, then we don't have Multi WAN for routing out from LAN to the Internet.

This is all with a static route in place. No change there.
Title: Re: With gateway group for Multi WAN set, LAN traffic doesn't follow static routing
Post by: whitwye on August 18, 2017, 06:00:48 pm
Found a solution for this one:

Added a Floating rule with these specifics:

Interface: LAN
Direction: In
Source: Single host or network: 192.168.1.0/24
Gateway: default

Note Gateway: LAN_gate (by IP) did not work. Nor did putting rules on the LAN interface itself. But putting this rule as Floating gets it in the right place in the ruleset order to work ahead of the gateway group set for the LAN.
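The ordering the fix depends on, shown as a hand-written pf ruleset. This is a constructed illustration added here, not the rules OPNsense generates and not part of the original post; interface names (igb1, igb2, igb3) and the WAN gateway addresses are placeholders. The point is that the Multi WAN policy rule carries a route-to, which bypasses the kernel routing table (and so the static route) for any packet it matches, while a plain pass rule evaluated earlier with quick leaves routing to the kernel.

```pf
# Constructed illustration of the pf ordering behind the floating-rule fix.
# Interface names and gateway IPs are placeholders, not from the thread.
lan = "igb1"

# Floating rule: OPNsense evaluates floating rules before interface rules, so this
# matches first. It has no route-to, so replies to/from 192.168.1.0/24 follow the
# kernel routing table, which is where the static route lives.
pass in quick on $lan from 192.168.1.0/24 to any keep state

# LAN interface rule for Multi WAN. route-to hands matching packets straight to the
# gateway group, ignoring the routing table, which is why a static route alone
# (or a "default" gateway rule placed after this) never gets a chance to apply.
pass in quick on $lan from 172.17.0.0/16 to any \
    route-to { (igb2 203.0.113.1), (igb3 198.51.100.1) } round-robin keep state
```

To confirm the ordering on a live box, look at the generated ruleset (Firewall: Diagnostics: pfInfo in the GUI, or pfctl -sr on the shell) and check that the rule without route-to appears above the route-to rule for the same interface; if it sits below, it will never be reached for that traffic.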