Topic: Multi-WAN: how to force traffic to one specific gateway? (Read 3113 times)
hase (Newbie) on: June 15, 2023, 12:57:59 pm
Hi,
I am a bit experienced with IP, but a relative noob with opnsense.
I do have a Multi-WAN Setup working, and the automatic switching between my (fast but flaky) cable and (notsofast, reliable) DSL seems to work fine.
For $Reasons I also have some devices on the Network handled by the DSL router besides the opnsense.
I did manage to access the DSL routers web interface (IP 192.168.177.1, also the DSL-GW in Tier2 of the CABLE-DSL gateway group) from computers on the LAN.
But when I try to reach any device within 192.168.177/24 other than the .1, the traffic goes out to the Cable-GW.
I see that as incoming traffic on the WAN (=Cable) interface on the opnsense: blocked by the default rules.
I do have an FW rule on the LAN interface for the destination range 192.168.177/24 with Gateway DSL-GW, direction in (also tried out, same effect). The rule is atop the rule permitting LAN-originated traffic to 0/0.
Also, as far as I understand the BSD routing table (as presented in the opnsense Web interface), the routing engine of the IP stack should direct dest-192.168.177/24 traffic through the respective ethernet interface.
I want the FW to default all traffic through the cable router and only fall back to DSL in exceptions (cable down), but I also want management traffic to my legacy network from the office network...
What am I missing?
merci
hase
CDuv (Newbie), Reply #1 on: June 15, 2023, 11:52:37 pm
Can you add some basic network schema (for example a NwDiag from Kroki) and firewall rules list?
If I got it right:
- You have two WAN connections, both in a "CABLE-DSL" gateway group:
-- Cable, using the "CABLE-DSL" gateway, is at tier 1
-- DSL, using the "DSL-GW" gateway, is at tier 2, OPNsense uses IP 192.168.177.1 to contact it
- Failover works: Internet access from your LAN uses Cable if available and continues to work if one of your 2 WANs is down (automatic switches)
- You managed (how?) to access 192.168.177.1 address (DSL-GW's)
- You have other devices on 192.168.177.0/24 network that you want to access but when you try to contact them using their 192.168.177.0/24 IP, OPNsense routes traffic to CABLE-DSL which it discards/rejects
I guess each router has its own network address and your LAN is also on a distinct network address.
Usually, to force a WAN for a given destination (host or network), you have to create a firewall rule that sets the gateway to the one you want (in your case "DSL-GW" in lieu of "CABLE-DSL").
hase (Newbie), Reply #2 on: June 22, 2023, 03:36:19 pm
Hi,
I did compose a reply post here - quite long - and then it hit me.
The problem is that my LAN->DSL net traffic is going through NAT.
My network is very basic (for now):
- DSL router 192.168.177.1
-- has its own wlan with existing clients
- cable router 192.168.176.1
- opnsense appliance
-- interface WAN: DHCP client to the cable router (opnsense-IP fixed in DHCP, set as exposed host)
-- interface DSL: DHCP client to the DSL router (opnsense-IP fixed in DHCP, set as exposed host)
-- interface LAN: internal, firewalled network.
--- DHCPv4 server in opnsense
Because the opnsense applies the NAT, the SYN-packet from my LAN device is modified (source address is set to an IP of the opnsense).
This modified packet is then fed to the firewall, therefore the auto-generated rule marked "let out anything from firewall host itself (force gw)" is applied - and this forces the gateway to the cable router, as that is currently active.
So the new question is: how do I bypass NAT for some of my traffic while applying it to Internet-bound traffic?
I will fiddle with that for a moment.
thanks for talking :-)
greetings from a hot Berlin/Germany
hase