Routing: How to add custom reply-to to specific traffic on non-wan interface?

[alh]

My OPNsense sits behind two other routers. I have HAproxy installed and configured. I want to offer some services via WAN/router 1 and some via WAN/router 2.

• request hits router 1 or 2
• request is port forwarded to OPNsense/HAproxy
• HAproxy speaks to backend
• HAproxy's response is then forwarded to the client via the default gateway (router 1)!

Added difficulty: Router 2 sits in LAN and not on a separate WAN interface of the OPNsense.

How can I achieve that OPNsense sends response via correct gateway/router?

[marcquark]

You're most certainly looking for reply-to on the incoming firewall rule that accepts connections from Router2 to your OPNsense.

I know that reply-to is added by default on WAN interfaces (not differentiated by the name, but rather by the fact that they have a gateway configured). There's a global setting to control this behaviour, so you will want to double-check that it's on. Now how you get OPNsense to add reply-to to only one specific rule on an interface, without setting a gateway, i'm not quite sure, you'd probably have to do some digging to find out whether it's at all possible. I know it's possible to explicitly disable it for specific rules while it's globally enabled, but what you want is the opposite.

If Router2 were on a seperate interface then no problem, configure the interface and set Router2 as gateway. Reply-to will be automatically added.

[alh]

I believe this person has the same/similar issue:

https://forum.opnsense.org/index.php?topic=15900.msg79646#msg79646