Newbie - MultiWAN Help

Started by malith, May 21, 2024, 01:20:42 PM

Let me explain my goal as best as I could.

Currently I am using OpenWRT with MWAN3. In my current setup, if I try to access facebook.com, youtube.com and a few other social media sites, MWAN3 will route that traffic via my secondary WAN link, which is an LTE router.

Anything else will be routed through my primary, a Fibre link. I am using iptables to achieve this in OpenWRT along with MWAN3.

Here's the actual question

I am trying to achieve the same goal, but using OPNSense. But I know it is completely different from OpenWRT.

Can someone please help me figure out the best way to achieve this goal? For example, if someone tries to access facebook.com or any of their related services, I want it to be routed through WAN2. Any other requests should go through WAN1. WAN1 should not be routing any facebook, youtube etc. related traffic (the ones I specify).

Additionally, in an event of WAN1 failure, WAN2 should handle both Social Media traffic and the rest of the traffic.

So I think WAN1 should always remain primary, and if the destination is social media related, WAN1 should reject the traffic and divert it to WAN2. WAN2 just routes anything in and out.


I tried, but for some reason I can't get PBR to work. I think I am doing something wrong.

Hi Malith,

I have a suggestion for you below. I think you can solve it without using MultiWAN.

1. Enable DNS-based Alias Resolution
Navigate to Firewall > Aliases.
Click on Settings at the top.
Enable the option Enable DNS-based alias support.
Click Save to apply the changes.
2. Create the Alias for Social Media Sites
Go back to Firewall > Aliases.

Click Add to create a new alias.

Set the Type to URL Table (IPs).

Name it (e.g., SocialMediaSites).

In the Content field, enter the domain names of the social media sites, one per line:

.facebook.com
.youtube.com
.instagram.com
.twitter.com
Note: The leading dot (.) is important as it ensures all subdomains are included.

Optionally, set a TTL (Time to Live) value. This determines how often the alias will refresh the IP addresses from the DNS lookup.

Click Save and then Apply the changes.

3. Use the Alias in Firewall Rules
Navigate to Firewall > Rules > LAN.

Click Add to create a new rule.

Action: Pass
Interface: LAN
Address Family: IPv4 (or IPv4+IPv6 if applicable)
Protocol: Any
Source: LAN Net
Destination: Alias (select the SocialMediaSites alias created earlier)
Gateway: WAN2
Click Save and Apply the changes.

4. Create Default LAN Rule for Other Traffic
Still in Firewall > Rules > LAN, click Add to create another rule below the social media routing rule.

Action: Pass
Interface: LAN
Address Family: IPv4 (or IPv4+IPv6 if applicable)
Protocol: Any
Source: LAN Net
Destination: Any
Gateway: WAN1
Click Save and Apply the changes.


Thank you so much.

I can't see this option in mine
Navigate to Firewall > Aliases.
Click on Settings at the top.
Enable the option Enable DNS-based alias support.
Click Save to apply the changes.

I set up a URL Table alias, but they don't get resolved for some strange reason. If I try a host alias, it works. So I tried with that, and when I try to access youtube for example, it routes through WAN2 as expected, but as soon as I start playing the video, it falls back to WAN1.

For some reason, if I add the URL to the alias, it doesn't resolve the IP.
Example: alias resolve error Test (error fetching alias url .facebook.com)

A URL-based alias is supposed to point to a downloadable list of IP addresses. You probably just want type host.

https://docs.opnsense.org/manual/aliases.html
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
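Added example (my own script, not OPNsense code or anything posted in this thread) illustrating the distinction Patrick makes: it classifies pasted alias lines so you can see which alias type fits them, and builds the one-IP/CIDR-per-line list that a URL Table (IPs) alias fetches from a URL. The DNS answers are constructed (documentation ranges), the resolver is passed in so it runs offline, and `video-cdn.example` and the function names are my own assumptions.

```python
import ipaddress
import re
from typing import Callable, Iterable, List

# Loose hostname check; allows the leading dot used in the thread (".facebook.com").
_HOSTNAME_RE = re.compile(r"^\.?([a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

def classify_line(line: str) -> str:
    """Classify one alias line as 'network' (IP or CIDR), 'hostname' or 'invalid'."""
    text = line.strip()
    try:
        ipaddress.ip_network(text, strict=False)  # "1.2.3.4" or "1.2.3.0/24"
        return "network"
    except ValueError:
        return "hostname" if _HOSTNAME_RE.match(text) else "invalid"

def suggest_alias_type(content: Iterable[str]) -> str:
    """Map pasted alias content to the alias type that can actually use it."""
    kinds = {classify_line(line) for line in content if line.strip()}
    if kinds == {"hostname"}:
        return "Host(s)"      # the firewall resolves the names itself
    if kinds == {"network"}:
        return "Network(s)"   # literal IPs/CIDRs typed into the alias
    return "unsupported"      # mixed or garbage; URL Table (IPs) wants a URL to an IP list, not names

def _fmt(net) -> str:
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def build_url_table(domains: Iterable[str], resolve: Callable[[str], List[str]]) -> List[str]:
    """Resolve names into a deduplicated, collapsed one-IP/CIDR-per-line list, the
    format a 'URL Table (IPs)' alias fetches. `resolve` is injected so this runs
    offline; in production wrap socket.getaddrinfo or a DNS library."""
    nets = []
    for domain in domains:
        for addr in resolve(domain.lstrip(".")):
            try:
                nets.append(ipaddress.ip_network(addr, strict=False))
            except ValueError:
                continue  # ignore anything the resolver returns that is not an address
    v4 = ipaddress.collapse_addresses([n for n in nets if n.version == 4])
    v6 = ipaddress.collapse_addresses([n for n in nets if n.version == 6])
    return [_fmt(n) for n in v4] + [_fmt(n) for n in v6]

SAMPLE_DNS = {  # constructed stand-in for DNS: documentation ranges, not the real sites' addresses
    "facebook.com": ["203.0.113.10", "203.0.113.11"],
    "youtube.com": ["198.51.100.5", "2001:db8::5"],
    "video-cdn.example": ["198.51.100.5"],  # hypothetical stream host sharing an IP; deduplicated
}
```

Hosts that serve a video stream are usually not the site name itself; if they are missing from the alias, that traffic matches the catch-all rule and leaves via WAN1, which fits the behaviour reported above.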

Quote from: Patrick M. Hausen on May 27, 2024, 11:23:23 AM
A URL-based alias is supposed to point to a downloadable list of IP addresses. You probably just want type host.

https://docs.opnsense.org/manual/aliases.html

Thank you Patrick. I will try this. I was trying to use the ASN, and it has so many complications when different providers are sharing the same ASN, such as when they use a CDN.