Routing: How to add custom reply-to to specific traffic on non-wan interface?

Started by alh, January 11, 2021, 01:34:47 AM

My OPNsense sits behind two other routers. I have HAproxy installed and configured. I want to offer some services via WAN/router 1 and some via WAN/router 2.


  • request hits router 1 or 2
  • request is port forwarded to OPNsense/HAproxy
  • HAproxy speaks to backend
  • HAproxy's response is then forwarded to the client via the default gateway (router 1)!

Added difficulty: Router 2 sits in LAN and not on a separate WAN interface of the OPNsense.

How can I achieve that OPNsense sends response via correct gateway/router?

You're most certainly looking for reply-to on the incoming firewall rule that accepts connections from Router2 to your OPNsense.

I know that reply-to is added by default on WAN interfaces (not differentiated by the name, but rather by the fact that they have a gateway configured). There's a global setting to control this behaviour, so you will want to double-check that it's on. Now how you get OPNsense to add reply-to to only one specific rule on an interface, without setting a gateway, I'm not quite sure; you'd probably have to do some digging to find out whether it's at all possible. I know it's possible to explicitly disable it for specific rules while it's globally enabled, but what you want is the opposite.

If Router2 were on a separate interface then no problem, configure the interface and set Router2 as gateway. Reply-to will be automatically added.
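For reference, this is what the underlying pf rule with a per-rule reply-to looks like; it is an added illustration, not something posted in the thread or generated by OPNsense, and it assumes em1 is the LAN interface, 192.168.1.2 is Router 2 and 192.168.1.10:443 is the HAProxy frontend.

```pf
# Constructed example, not from the thread or from OPNsense's generated ruleset.
# Assumptions: em1 = LAN interface, 192.168.1.2 = Router 2 (lives on LAN),
# 192.168.1.10 = address HAProxy listens on, port 443 = the published service.
# reply-to pins the return path for states created by THIS rule to Router 2,
# so only connections that arrived via Router 2 bypass the default gateway;
# everything else on em1 still replies normally.
pass in quick on em1 reply-to (em1 192.168.1.2) inet proto tcp \
    from any to 192.168.1.10 port 443 keep state

# Check that the loaded ruleset actually carries the option:
#   pfctl -sr | grep reply-to
```

Because reply-to is tied to the state, the matching firewall rule has to be the one that creates the state for the forwarded connection, otherwise the response still leaves via Router 1.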