Messages - TheSHAD0W

#1
I should also mention that my setup is rather complex and that would complicate picking out the issue. I could maybe set up a test rig but then there's still so much that needs to be passed around.

If you really need it, I can set up said test rig, but it would be best if we could communicate more directly.
#2
You should be able to do a dual WAN test just by plugging both interfaces into the same source network with DHCP, then watching packets out of both using tcpdump.
#3
Looks like it's been flagged as support, or in other words, "the user is doing something wrong, it's not a bug". Don't expect a fix any time soon. :(
#5
Note that I've worked around this issue by setting the WAN I want to run servers from as default gateway and adding rules to all LAN nets to forward traffic to the other gateway. This breaks my failover plan and won't help if you're serving via multiple WANs so it's not perfect.
#7
It looks like I've not only been fighting adding a new gateway to my setup but an issue with the system upgrade.

https://forum.opnsense.org/index.php?topic=50620.0

In the meantime I've worked around the issue by setting the uplink with the public IP as the primary gateway, and then adding rules to all LAN interfaces to route their traffic to the uplink without metered bandwidth.
#8
This is too difficult trying to debug my configuration.

Could someone please give an example for configuring an otherwise vanilla firewall with two properly configured WAN ports, for a server that's on LAN being accessed via the non-default gateway? I should be able to specialize from there.
#9
- Setting "reply-to" tagging to the appropriate gateway did not help.

- Interface configuration for that gateway is DHCP, not sure what you mean. That interface is set as a gateway and is operating; if I change its priority to highest in gateway configuration it operates as expected.

- Firewall rule is defined on correct interface (and is where I changed the "reply-to" tagging setting).

I have no floating rules defined and there are no pass rules that appear to have precedence, with the exception of one autogenerated rule that appears to be getting involved in the exchange, "let out anything from firewall host itself". Could this be getting in the way?
#10
Background: I have two satellite uplinks, one with unlimited bandwidth but behind a NAT, and one with a public IP but metered bandwidth. The first is set as my default gateway, while the second will be limited for external service.

I've been trying to route traffic for my Nextcloud server through the second gateway, and have created firewall rules to do so. tcpdump shows connection replies from activity on the second gateway being sent out the first one despite all attempts I've made to direct the traffic correctly. Connections initiated from the server going outside are being routed through the correct (second) gateway.

Here is my routing table status and the firewall rules I've created... https://imgur.com/a/az73LDb

Here is the output of pfctl -sr ... https://pastebin.com/gunnwfX3

Edit: The screenshots don't show that the bottom two rules have the gateway set as WANsat2
#11
I had the exact same problem and wound up burning 100GB of bandwidth per day on a speedtest. I discovered it was an option in the telegraf plug-in that was enabled by default.