Basic multi-WAN route/prioritization

Started by dnll, September 01, 2023, 05:04:36 AM

Hello there,

My ISP gave me a modem-router box which I'm able to bypass the routing function with PPPoE passthrough (WAN_1). So I have this set up in OPNsense and it works well. However, with the PPPoE passthrough, I'm not able to log in to my modem to change its config, so what I'm doing is I'm hooking a second ethernet cable from my modem to my OPNsense box and have this set up as another WAN using DHCP (WAN_2). This way I'm able to access both the internet (through WAN_1 and WAN_2) and my modem-router through WAN_2.

Now, my local network on OPNsense is set up as 10.0.0.0/8. The modem-router box has its own DHCP server working on 192.168.2.0/24. I get a public address on WAN_1 through PPPoE, and a 192.168.2.0/24 address through WAN_2. I'd like all traffic to go through WAN_1 except explicitly for the traffic trying to talk to the 192.168.2.0/24 network. What is the easiest approach?

Thank you!

Configure WAN_2 statically.
Don't create a gateway for WAN_2.
Create an outbound NAT rule for WAN_2.
That should be it.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Quote from: Maurice on September 01, 2023, 02:43:53 PM
Configure WAN_2 statically.
Don't create a gateway for WAN_2.
Create an outbound NAT rule for WAN_2.
That should be it.
So, I disabled the gateway and went to the outbound NAT rule section. Never used this in the past, I'm ready to add a rule but I'm worried I'll lock myself out of my network. I assume the destination would be wan_2_net but I'm unsure about the other settings.

The interface in the outbound NAT rule is WAN_2, everything else can be left at default settings.

Quote from: Maurice on September 02, 2023, 04:25:21 AM
The interface in the outbound NAT rule is WAN_2, everything else can be left at default settings.
It works! Would you care to explain to me how outbound packets know whether they need to use the WAN_1 gateway or what is currently called WAN_2 to reach their destination?

Have a look at the routing table. 192.168.2.0/24 is on-link on wan_2. And because that route is more specific than the default route (0.0.0.0/0), it has a higher priority.

The outbound NAT rule is required because your "modem router box" doesn't have a return route to the OPNsense LAN subnet (from where you want to access that box).
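
The two points in the reply above (the more specific on-link route wins over the default route, and the modem has no return route to the LAN) can be checked with a small model. This is an added example, not part of the thread: the modem's routing table, the addresses 192.168.2.1, 192.168.2.2, 10.0.0.50 and 203.0.113.10, and the helper names are assumptions constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the (network, egress) entry that wins for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), out) for p, out in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def egress(table, dst):
    hit = lookup(table, dst)
    return hit[1] if hit else None

# OPNsense table as described in the thread. WAN_2 has no gateway, so it
# contributes only its connected (on-link) route, never a default route.
OPNSENSE = [
    ("0.0.0.0/0", "WAN_1 (PPPoE gateway)"),
    ("192.168.2.0/24", "WAN_2 (on-link)"),
    ("10.0.0.0/8", "LAN (on-link)"),
]

# Assumed modem table: its own subnet plus a default route to the ISP.
# It has no entry for 10.0.0.0/8, which is the missing return route.
MODEM = [
    ("0.0.0.0/0", "ISP uplink"),
    ("192.168.2.0/24", "LAN port (on-link)"),
]

# Constructed sample addresses (not taken from the thread).
LAN_CLIENT = "10.0.0.50"     # host behind OPNsense
WAN_2_ADDR = "192.168.2.2"   # static address configured on WAN_2
MODEM_ADDR = "192.168.2.1"   # modem management address
INTERNET = "203.0.113.10"    # documentation range, stands in for any public host

def modem_reply_reaches_opnsense(src_seen_by_modem):
    """The modem replies to the source address it saw in the request."""
    return egress(MODEM, src_seen_by_modem) == "LAN port (on-link)"

if __name__ == "__main__":
    for dst in (MODEM_ADDR, INTERNET):
        print(f"{dst:>14} leaves via {egress(OPNSENSE, dst)}")
    # Without outbound NAT the modem sees the 10.x source and sends the reply to its ISP uplink.
    print("reply returns without NAT:", modem_reply_reaches_opnsense(LAN_CLIENT))
    # With outbound NAT on WAN_2 the source is rewritten to the WAN_2 address.
    print("reply returns with NAT:   ", modem_reply_reaches_opnsense(WAN_2_ADDR))
```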

Quote from: Maurice on September 02, 2023, 05:14:05 AM
Have a look at the routing table. 192.168.2.0/24 is on-link on wan_2. And because that route is more specific than the default route (0.0.0.0/0), it has a higher priority.

The outbound NAT rule is required because your "modem router box" doesn't have a return route to the OPNsense LAN subnet (from where you want to access that box).
You are right about the routes. Thanks for the explanation, that makes a lot of sense! I learn something new every day :)