Firewall Multi WAN not working properly

Started by johnab, July 21, 2020, 11:02:40 AM

Hello,

I have three WAN interfaces with public IPs. Therefore I created a WAN group with one gateway as failover.

According to the OPNsense documentation you have to change the gateway from "Default" to "WAN Group" (default LAN rule to Any) to route the traffic over the WAN interfaces.

I also added the DNS rule, because the DNS traffic will be routed outside with this configuration.
I recognised that all traffic is now routed outside; this also includes the traffic directly to the firewall.

Now I added the following rule before the "Allow LAN to any" rule:

Action: PASS
Source: LAN net
Destination: LAN net
Gateway: Default

Now I am able to ping the firewall correctly. Is this configuration correct, or do you have any other suggestions how to fix this?

Sorry for my bad English

Regards
johnab

What I like to do in situations like this is the following:

Create an alias:
Name: RFC1918
Type: Network(s)
Content: 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8
Description: Private Networks

And to get started, two LAN rules:

First one for the "Internet" access
Action: PASS
Source: LAN net
Destination / Invert: check
Destination: RFC1918 (use the alias here)
Gateway: WAN_GROUP

And the second one is basically your standard rule
Action: PASS
Source: LAN net
Destination: LAN net
Gateway: Default

So we basically route everything that is targeted to NOT a private IPv4 address through the WAN group. The other, "internal" traffic will skip the first rule.

However, this is a *works for me* and only if you just use IPv4 and no public IPs internally. Depending on your network it might cause issues. Of course you can work on from here and tweak it to your desire if the basic idea is working for you.

Let me know if this maybe helps :)
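An added example, not part of either post and not OPNsense code: a small first-match evaluator that runs the three rule sets from this thread (the original single "LAN net to any" rule on the WAN group, johnab's fix with an internal rule in front, and the RFC1918-alias variant from the reply) against constructed packets. The alias contents and rule fields follow the posts; the LAN prefix 192.168.1.0/24, the firewall address 192.168.1.1 and the sample destinations are assumptions made up for the demonstration.

```python
"""Constructed simulation of first-match rule evaluation with policy routing.

Added example, not OPNsense code.  Assumptions (not from the thread):
the LAN is 192.168.1.0/24, the firewall's LAN address is 192.168.1.1,
10.5.0.7 stands for a host on some other private network (e.g. a VPN
subnet) and 203.0.113.10 for a public address used on an internal segment.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed LAN addressing.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

# Aliases.  RFC1918 holds the three private IPv4 ranges from the reply.
ALIASES = {
    "RFC1918": [ipaddress.ip_network(n)
                for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")],
    "LAN net": [LAN_NET],
    "any": [ipaddress.ip_network("0.0.0.0/0")],
}


@dataclass(frozen=True)
class Rule:
    action: str           # "PASS" or "BLOCK"
    source: str           # alias name
    destination: str      # alias name
    gateway: str          # "Default" = system routing table, else a gateway/group
    invert_dst: bool = False


# 1) What the original poster started with: one LAN-to-any rule on the group.
ONLY_WAN_GROUP: List[Rule] = [
    Rule("PASS", "LAN net", "any", "WAN_GROUP"),
]

# 2) The original poster's fix: an internal rule placed before the any rule.
OP_RULES: List[Rule] = [
    Rule("PASS", "LAN net", "LAN net", "Default"),
    Rule("PASS", "LAN net", "any", "WAN_GROUP"),
]

# 3) The reply's variant: inverted RFC1918 destination first, internal second.
REPLY_RULES: List[Rule] = [
    Rule("PASS", "LAN net", "RFC1918", "WAN_GROUP", invert_dst=True),
    Rule("PASS", "LAN net", "LAN net", "Default"),
]


def _in_alias(alias: str, addr: ipaddress.IPv4Address) -> bool:
    """True if addr falls into any network of the named alias."""
    return any(addr in net for net in ALIASES[alias])


def route(src: str, dst: str, rules: List[Rule]) -> Optional[str]:
    """Return the gateway assigned by the first matching rule.

    None means no rule passed the packet, i.e. the implicit default deny.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if not _in_alias(r.source, s):
            continue
        hit = _in_alias(r.destination, d)
        if r.invert_dst:          # "Destination / Invert" checked
            hit = not hit
        if hit:
            return r.gateway if r.action == "PASS" else None
    return None


def compare(dst: str, src: str = "192.168.1.50") -> dict:
    """Gateway chosen for one destination under each of the three rule sets."""
    return {
        "only_wan_group": route(src, dst, ONLY_WAN_GROUP),
        "op_rules": route(src, dst, OP_RULES),
        "reply_rules": route(src, dst, REPLY_RULES),
    }


if __name__ == "__main__":
    # Constructed sample destinations seen from a LAN client.
    for dst, label in (("192.168.1.1", "the firewall itself"),
                       ("8.8.8.8", "internet host"),
                       ("10.5.0.7", "other private net, e.g. VPN"),
                       ("203.0.113.10", "public IP used internally")):
        print(f"{dst:<14} {label:<32} {compare(dst)}")
```

Running it shows the three points made in the thread: with only the any rule, even pings to 192.168.1.1 are handed to the WAN group; both fixes send firewall traffic via the default routing table; and the reply's caveat is visible in the last two rows, where a second private subnet is dropped by the RFC1918 variant (it skips the first rule and does not match "LAN net", so a further rule is needed) and a public address used internally still goes out through the WAN group.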