Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
FW Rule (LAN) multiple GW - Policy based routing (gateway setting)
« previous
next »
Print
Pages: [
1
]
Author
Topic: FW Rule (LAN) multiple GW - Policy based routing (gateway setting) (Read 1906 times)
Antonio76
Newbie
Posts: 2
Karma: 0
FW Rule (LAN) multiple GW - Policy based routing (gateway setting)
«
on:
April 28, 2021, 07:23:07 pm »
Hello Community,
my first post here. Nice to meet you all.
I have moved to OPNsense 2 days ago from PFSense, due to the NAT stability issue for the 2.5.1 version.
I'm very happy with the OPNSense and I would love to stick with it.
Problem :
for the LAN subnet which hosts some dockers box, I need to create a FW Rule, outbound, and in the advanced option, it offer the possibility to select what GW. In PFsense this works out of the box. I do have an ISP GW (standard) and an Openvpn GW (for services like NordVPN and similar).
However, in OPNsense, I got the following error:
Policy-based routing (gateway setting) is only supported on inbound rules.
So first of all, why offer this option if not supported. Not need an answer here
.
Second, how can I achieve the same goal with OPNsense? The information available on this issue is very scarce to find.
Thanks in advance for the help and clarification.
best regards,
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: FW Rule (LAN) multiple GW - Policy based routing (gateway setting)
«
Reply #1 on:
April 29, 2021, 03:00:31 am »
In / out is always from the firewall's perspective. In your case, an "out" rule on the LAN interface would mean from OPNsense out to the dockers box. Which is not what you want for PBR. An "in" rule is correct: From the dockers box into OPNsense (and then onwards to the selected gateway).
Quote from: Antonio76 on April 28, 2021, 07:23:07 pm
The information available on this issue is very scarce to find.
While
https://docs.opnsense.org/
is not perfect, the firewall direction and PBR basics should be covered there.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: FW Rule (LAN) multiple GW - Policy based routing (gateway setting)
«
Reply #2 on:
April 29, 2021, 05:13:18 am »
The help text for “Direction” in the FW rules has also been enhanced in 21.1.5 to explain IN and OUT in more detail, to seek to overcome this confusion
Logged
Antonio76
Newbie
Posts: 2
Karma: 0
Re: FW Rule (LAN) multiple GW - Policy based routing (gateway setting)
«
Reply #3 on:
April 29, 2021, 06:32:11 pm »
Many thanks for the support. I will definitely look at this from the FW perspective.
I have already tested with the option "In"rather than out" with little success, but I will double-check to be sure once again.
cheers,
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
FW Rule (LAN) multiple GW - Policy based routing (gateway setting)