Opnsense prerouting (Policy based routing)?

Started by Jeroen1000, July 02, 2018, 03:43:01 PM

July 02, 2018, 03:43:01 PM Last Edit: July 02, 2018, 03:56:58 PM by Jeroen1000
Hi!

I've noticed *bsd is a fair bit different than Linux. Normally, for PBR I would use MARK --set-mark 1 as described here https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html.

However, as I understand it, no router will be able to act on this type of 'mark', as it's not actually something that is set in the IP packet. What kind of actionable items can Opnsense use for a policy based routing decision? Hereby excluding the source and destination address as possible candidates.

I have a Linux router in play that will have to mark the traffic somehow so that Opnsense can route it out of the desired interface.


You can set the Gateway in a firewall rule, but this only matches for packets going through the firewall.
Packets originating from the firewall can't be policy routed.

Only the forwarding chain is ok. But I couldn't really find whether you can match the ToS bits in order to make a routing decision, or whether there is something better to use than the ToS bits.

I.e.  if match IP precedence 2 => route to GW A
      if match IP precedence 3 => route to GW B

The ToS bits will be set by another router.
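Added example (my own, not code from any poster in this thread): a small Python model of what the "match IP precedence N => route to GW" rules above look like at the pf level on OPNsense, and of one pitfall. The interface names and gateway addresses (RFC 5737 documentation ranges) are constructed; the pf rule layout follows the FreeBSD pf.conf grammar as I understand it (`route-to` before the address family, `tos` among the trailing filter options) and should be checked with `pfctl -nf` before use. The important assumption is that pf's `tos` keyword compares the whole ToS byte exactly, so if the upstream Linux router sets only the precedence bits and an endpoint later has ECN bits set, the packet no longer matches; the `ecn_variants` switch generates one rule per ECN codepoint to cover that.

```python
"""Model of IP-precedence based policy routing with pf-style exact ToS matching."""
from typing import Dict, List, Optional, Tuple

# Hypothetical gateways (constructed interface names and documentation addresses).
GATEWAYS: Dict[int, Tuple[str, str]] = {
    2: ("igb2", "192.0.2.1"),      # IP precedence 2 => GW A
    3: ("igb3", "198.51.100.1"),   # IP precedence 3 => GW B
}


def tos_from_precedence(precedence: int, ecn: int = 0) -> int:
    """Build the IPv4 ToS byte: bits 7-5 IP precedence, bits 4-2 left zero, bits 1-0 ECN."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP precedence is a 3-bit field")
    if not 0 <= ecn <= 3:
        raise ValueError("ECN is a 2-bit field")
    return (precedence << 5) | ecn


def precedence_from_tos(tos: int) -> int:
    """Top three bits of the ToS byte."""
    return (tos >> 5) & 0x07


def dscp_from_tos(tos: int) -> int:
    """Six-bit DSCP view of the same byte (precedence N corresponds to class selector CSN)."""
    return (tos >> 2) & 0x3F


# Each rule is (tos value, gateway string, pf.conf line).
Rule = Tuple[int, str, str]


def pf_rules(mapping: Dict[int, Tuple[str, str]], lan_if: str = "igb1",
             ecn_variants: bool = False) -> List[Rule]:
    """Emit pf rules equivalent to 'match precedence N => route-to GW'.

    pf's `tos` keyword is (assumed here) an exact match on the whole byte, so
    with ecn_variants=True one rule is produced per ECN codepoint.
    """
    rules: List[Rule] = []
    for prec, (gw_if, gw_ip) in sorted(mapping.items()):
        for ecn in (range(4) if ecn_variants else (0,)):
            tos = tos_from_precedence(prec, ecn)
            gateway = f"{gw_if} {gw_ip}"
            line = (f"pass in quick on {lan_if} route-to ({gateway}) "
                    f"inet from any to any tos 0x{tos:02x} keep state")
            rules.append((tos, gateway, line))
    return rules


def select_gateway(rules: List[Rule], packet_tos: int) -> Optional[str]:
    """Simulate first-match ('quick') evaluation with an exact ToS comparison.

    Returns the gateway string of the first matching rule, or None when no
    policy rule hits and the packet follows the normal routing table.
    """
    for tos, gateway, _ in rules:
        if tos == packet_tos:
            return gateway
    return None


if __name__ == "__main__":
    for _, _, line in pf_rules(GATEWAYS):
        print(line)
    # A packet with precedence 2 but ECT(0) set (0x42) misses the plain rules:
    print("0x42 ->", select_gateway(pf_rules(GATEWAYS), 0x42))
    print("0x42 ->", select_gateway(pf_rules(GATEWAYS, ecn_variants=True), 0x42))
```

Running the block prints the two generated rules, then shows that a ToS byte of 0x42 hits no gateway with the plain rule set and hits GW A once the ECN variants are included. The same exact-match behaviour is why marking only the precedence bits on the Linux side is fragile: either the Linux router rewrites the whole byte, or OPNsense needs a rule per ECN variant.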


Does "Match priority" under "Advanced Options" for a rule do what you want?