Concept Question: OPNsense as a GW?

[maweber]

Hi

I was patching up this situation using OPNsense, but I would like a second opinion.
This question is about how to set up OPNsense as a GW itself.

Setup is:

Code: [Select]

WAN (dhcp) <=> INET/29 (owned WAN subnet) <=> one or more OPNsenses.
I know the subnet basics and initially did it using basic routing/ default GW/firewall in Linux, but would like to do it with OPNsense if that makes sense, performance-wise, because OPNsense has some features I would include.

What I did is creating the INET/29 subnet as if it were a LAN, and add up all the flags like BOGUSIPS, Firewall, Special exceptions etc myself, plus deactivating OUTBOUND NAT.

However I don't trust it as there are questions.

• For one, OPNsense doesn't know the INET/29 is a WAN port. I cannot tell for sure that there is no special internal edge case that gets traffic to escape the WAN<->INET/29 highway.
  
• OPNsense does identify WAN/LAN, and I don't know if thats just visual or if it means something more.
  
• Also, if the endpoint-router behind the GW restarts, connections through the GW are unstable. I have to restart the GW to make it work again (that is: let clients from WAN access HAproxy on the INET/29 endpoint again). It seems to me I converted a solution into another that is not meant to be.
  

Somebody/your opinion?

thanks