[SOLVED] Complex multi-wan (one internal service available via one WAN only)

Started by ozpac, March 25, 2024, 01:01:16 PM

Is it possible to host a public file server from just one specific WAN gateway when I have two WAN gateways attached?
See attached diagram.

My two WAN connections:
- WAN1: IPv6 with a static public IP address, plus IPv4 using CGNAT (no public IP address)
- WAN2: IPv4 with a static public IP address, no IPv6

I have these configured in OPNsense as a fail-over multi-WAN group with WAN1 as primary.

The problem is that I have external clients who need to reach the file server, but they themselves are on IPv4-only connections and therefore cannot reach the file server, which spends 99% of its time on the IPv6 connection only.

Is there a way to allow external IPv4 clients to reach that internal file server while keeping the fail-over multi-WAN policy in place?


Solved:

- DNS: your.domain:
   - A record points to WAN2 IPv4 public address

- Static Route:
   - Not needed

- Firewall > NAT > Port Forward > + Add
   Interface: WAN2
   TCP/IP Version: IPv4
   Protocol: TCP
   Destination: This Firewall
   Destination Port Range: <port> -> <port>
   Redirect target IP: <file_server>
   Redirect target port: <port>
   NAT reflection: Use system default [enabled]

- Firewall > Rules > LAN > + Add
   Action: Pass
   Interface: LAN
   Direction: in
   TCP/IP Version: IPv4
   Protocol: TCP
   Source: <file_server>
   Destination: any
   Destination port ranges: any -> any
   Gateway: WAN2

- Firewall > Rules > WAN2 > + Add
   This will get automatically created:
   Protocol: IPv4, TCP
   Destination: <file_server> : <port>
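
For comparison with what `pfctl -s nat` and `pfctl -s rules` show on the firewall, here is a hand-written approximation of the three GUI entries above in pf.conf syntax. It is an added example, not part of the original post and not output captured from OPNsense; the interface names, gateway address, file server address and port are constructed placeholders.

```pf
# Constructed placeholder values; substitute your own.
wan2_if     = "igb1"          # interface assigned to WAN2 (assumption)
wan2_gw     = "192.0.2.1"     # WAN2 upstream gateway (documentation range)
lan_if      = "igb0"          # interface assigned to LAN (assumption)
file_server = "192.168.1.10"  # <file_server>
fs_port     = "8443"          # <port>

# Firewall > NAT > Port Forward on WAN2:
# IPv4 TCP arriving on WAN2 for the firewall itself ("This Firewall")
# is redirected to the internal file server on the same port.
# NAT reflection is not modelled in this sketch.
rdr on $wan2_if inet proto tcp from any to (self) port $fs_port \
    -> $file_server port $fs_port

# Firewall > Rules > WAN2 (the automatically created rule):
# passes the redirected connection; reply-to keeps the replies of this
# state on WAN2 even though the default route is the WAN1 primary.
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw) \
    inet proto tcp from any to $file_server port $fs_port \
    flags S/SA keep state

# Firewall > Rules > LAN with Gateway: WAN2:
# policy routing for IPv4 TCP that the file server sends; route-to
# forces it out through WAN2 instead of the fail-over group.
# Because pf stops at the first matching "quick" rule, this entry has
# to sit above the general LAN pass rule to take effect.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) \
    inet proto tcp from $file_server to any \
    flags S/SA keep state
```

As written in the post, the port forward accepts any IPv4 source and the LAN rule matches every TCP destination the file server contacts; both can be narrowed with a source alias or a specific destination if the client set is known.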