Topic: MultiWAN: Force traffic from firewall itself to specific gateway (Read 1145 times)
PhreakShow
Newbie
Posts: 9
Karma: 0
MultiWAN: Force traffic from firewall itself to specific gateway
« on: December 08, 2023, 01:42:10 am »
Hi guys.
I am using opnsense 23.7.9 with two ISPs and two WAN interfaces. I want to use WAN1 to update my dyndns address, never WAN2.
So that's what I did to achieve that:
ddclient is using api.ipify.org to determine my IP, and uses the default gateway for that (which is the wrong one, WAN2).
I created an alias for api.ipify.org, created a floating fw rule, source "this firewall", destination alias, ipv4, any port, no specific interface selected, and then set the gateway to WAN1.
As soon as I enable this rule, curl -s https://api.ipify.org fails and never returns an address. If I disable the rule, it returns the IP from the wrong WAN interface.
As a sanity check I created a LAN rule, outgoing, from any host in my LAN, destination again the alias. If I run Invoke-RestMethod -Uri 'https://api.ipify.org?format=json' on a Windows machine in my LAN, it uses the correct gateway and returns the correct address. As soon as I disable the rule, it returns the wrong one.
So in my LAN case, it works as expected.
How can I make this work for traffic from the opnsense itself? For testing I even set the destination to any, routing all the traffic from opnsense over that specific gateway. As soon as I enabled that, even pings to 8.8.8.8 timed out.
What did I do wrong here?
knebb
Full Member
Posts: 126
Karma: 4
Re: MultiWAN: Force traffic from firewall itself to specific gateway
« Reply #1 on: December 08, 2023, 06:17:27 am »
Hi,
just wondering: are you using the Dynamic DNS service of OPNsense?
There you can set the interface to watch for IP changes. And once it realizes such a change it updates the IP on your DynDNS provider. Works smoothly here with two WANs from two different providers, too.
Or does your DynDNS provider only allow updates from exactly this IP it is updating?
Change provider.... or you might want to set a gateway only for this provider hostname...
/KNEBB
tiermutter
Hero Member
Posts: 1097
Karma: 61
Re: MultiWAN: Force traffic from firewall itself to specific gateway
« Reply #2 on: December 08, 2023, 06:29:29 am »
In a multi WAN scenario with failover or balancing this won't work since -as said- ddclient will always use the default gateway.
In this case you need to redirect this traffic outgoing. I created a tutorial for the docs, but it is obviously not online since I am not able to provide it via GitHub.
i am not an expert... just trying to help...
tiermutter
Hero Member
Posts: 1097
Karma: 61
Re: MultiWAN: Force traffic from firewall itself to specific gateway
« Reply #3 on: December 08, 2023, 06:31:12 am »
https://forum.opnsense.org/index.php?topic=34139.msg172560#msg172560
i am not an expert... just trying to help...
PhreakShow
Newbie
Posts: 9
Karma: 0
Re: MultiWAN: Force traffic from firewall itself to specific gateway
« Reply #4 on: December 08, 2023, 01:37:00 pm »
Oh boy, I searched for multiwan and dyndns, but somehow I missed your huge explanation there.
I also missed the fact that you could just select "Interface x" in the drop down, how to determine the IP.
That seems to solve my problem, as I have plain modems connected to each interface and they work as bridges without their own IP. Now I selected the interface in the drop down and it seems to work.
Thanks. Not what I had in mind, but even better.
tiermutter
Hero Member
Posts: 1097
Karma: 61
Re: MultiWAN: Force traffic from firewall itself to specific gateway
« Reply #5 on: December 08, 2023, 02:07:32 pm »
Yee, with the public IP assigned to the OPNsense WAN interface, this option is the best and simplest way to go...
i am not an expert... just trying to help...