Outbound IP of Firewall itself

[nightcode]

Hello together,

I've got a direct fiber connection from my ISP with a public /26 IPv4 subnet.
I want to replace the carrier router with opnsense.

I've got a /31 subnet for routing purposes (e.g. firewall IP is 1.1.1.2 and upstream gateway from my provider is 1.1.1.1) and my main /26 subnet e.g. form 2.2.2.1 to 2.2.2.62.

The problem is that I can use my "Wan-IP" 1.1.1.2 only for routing purposes. For any other traffic I have to use the IP of my larger subnet.

Clients behind the firewall work well from the 2.2.2.0 network but for updates etc. opnsense itself also has to use an IP from this network as outbound address but is always using the WAN IP 1.1.1.2.

How can I force opnsense to use an IP of the 2.2.2.0 network as outbound address?

Thanks a lot in advance

[zan]

In Linux we can do ip route by specifying 'src' attribute as a hint for source address selection.
I have no idea how to do that in Freebsd so the other way I can think of is by using NAT, eg : 1.1.1.2 as source address and 2.2.2.x as translation address.
A bit hackish but should get the job done.

[nightcode]

I don't know if your solution is the right way?

I managed it if I create a virtual IP and set outbound rule from "this firewall" to the designated IP.
But if I do this I have the problem that any other outbound rule is not working anymore.

Any idea how to solve this problem? I think "this firewall" is not the right setting for "source" but what should I use instead?