[SOLVED] Complex multi-wan (one internal service available via one WAN only)

[ozpac]

Is it possible to host a public file server from just one specific WAN gateway when I have two WAN gateways attached?
See attached diagram.

My two WAN connections:
- WAN1: IPv6 with a static public IP address, plus IPv4 using CGnat (no public IP address)
- WAN2: IPv4 with a static public IP address, no IPv6

I have these configured in OPNSense as a fail-over multi-WAN group with WAN1 as primary.

The problem is that I have external clients who need to reach the file server but they themselves are on IPv4-only connections and therefore cannot reach the fileserver which spends 99% of its time on the IPv6 connection only.

Is there a way to allow external IPv4 clients to reach that internal file server while keeping the fail over multi-wan policy in place?

[ozpac]

Are VLANs the answer?

[ozpac]

Solved:

 - DNS: your.domain:
   - A   record points to WAN2 IPv4 public address

 - Static Route:
   - Not needed

 - Firewall > NAT > Port Forward > + Add
   Interface: WAN2
   TCP/IP Version:   IPv4
   Protocol: TCP
   Destination: This Firewall
   Destination Port Range:   <port> -> <port>
   Redirect target IP:   <file_server>
   Redirect target port: <port>
   NAT reflection: Use system default [enabled]

 - Firewall > Rules > LAN >+ Add
   Action: Pass
   Interface: LAN
   Direction: in
   TCP/IP Version: IPv4
   Protocol:   TCP
   Source:   <file_server>
   Destination:   any
   Destination port ranges: any -> any
   Gateway:   WAN2

 - Firewall > Rules > WAN2 > + Add
   This will get automatically created:
   Protocol: IPv4, TCP
   Destination: <file_server> : <port>