OPNsense Forum » Archive » 17.7 Legacy Series » where is switch gateway
Topic: where is switch gateway (Read 4544 times)
gilau (Newbie, Posts: 2, Karma: 0)
where is switch gateway
« on: November 04, 2017, 10:38:06 am »
Hi,
I have used pfsense so far but now I want to try OPNsense.
I have 2 WAN connections. For a part of the network (192.168.1.x-192.168.1.x+50), the DHCP users, I need to force them to use ISP2 and all known MACs to use ISP1 (except in the situation when one ISP is down).
In pfsense I have set a firewall rule with a specific gateway and I found there is in [miscellaneous] a setting - [allow switching gateway] to check.
Is there a setting like this in OPNsense?
In OPNsense should I set a new rule for DNS?
Also in pfsense I have used group gateways for failover
GWGRP1 ISP1 tier1 ISP2 tier2 - for known macs - main network
GWGRP2 ISP2 tier1 ISP1 tier2 - for dhcp for phone tablets so
firewall rule for dhcp with gateway GWGRP2
Can anyone help me with a short explanation of how to set failover gateways?
Thank you very much!!!
robvh (Newbie, Posts: 10, Karma: 2)
Re: where is switch gateway
« Reply #1 on: November 04, 2017, 11:31:05 am »
I use "Firewall: Settings: Advanced: Skip rules" for this purpose. A rule forces traffic from specific clients into a gateway, unless the gateway is down.
Oxygen61 (Sr. Member, Posts: 350, Karma: 32)
The road to success has no shortcut - (Tanaka)
Re: where is switch gateway
« Reply #2 on: November 04, 2017, 03:17:59 pm »
Hi gilau,
In OPNsense you can find the same settings, but they are located somewhere different.
If you want to use a specific gateway for your rules you can do that:
Firewall > Rules > LAN (for example) > "+" > scroll down >
change Gateway "default" to the Gateway you wish to use
This will then allow traffic ONLY when the traffic is going to be sent through the gateway set there.
In terms of Failover Gateway, you can create a Failover Gateway with both your ISP Connections and then use this "Failover Gateway" as a gateway in your rules instead.
Internal Traffic Firewall rules though (Traffic from a LAN to another subnet where your DNS Server resides) should use the "Default" setting in your Firewall rules.
Every Multi-WAN Setting which needs to be looked at or changed can be found here:
Firewall > settings > Advanced > Gateway Monitoring and Multi-WAN
Quote
In OPNsense should I set a new rule for DNS?
Sure, since your Subnets will need to talk to your DNS. If your corporate LAN has a DNS Server which can be used, you can make a rule with "default" gateway set, which allows UDP/TCP Traffic to this specific DNS Server IP using port 53. In case you don't have a valid DNS Server in your net, you can as well let OPNsense do all the DNS resolving via the Unbound or DNSmasq DNS Daemon. This would then mean that your rules must be changed to allow UDP/TCP Traffic with port 53 to the firewall Gateway IP address of this specific Subnet.
Failover Gateway configuration:
For failover gateways you can build them here:
System > Gateway > Group
You will then be able to select different tiers for your Gateways, where tier 1 means "best" and tier 2 means "2nd best" gateway to be used. The apinger daemon of OPNsense will then automatically change these gateways and monitor whether high latency, packet loss or member down events are occurring.
For a more detailed and better explanation, please check out the following tutorial/how-to:
https://wiki.opnsense.org/manual/multiwan.html
Best regards,
Oxy
gilau (Newbie, Posts: 2, Karma: 0)
Re: where is switch gateway
« Reply #3 on: November 04, 2017, 06:17:42 pm »
Oxy, thank you so much!!