Multi-WAN: Fallback is used without trigger.

Started by inDane, May 07, 2024, 04:16:15 PM

Hey there,

So I've configured a multi-WAN setup here. For a bit more context, my ISP disconnects and renews my IP every 24h. I have a machine that needs to be always online, and I want only this machine to always establish a connection.

So, what I want is this: when wan_1und1 is up, everything should go through it and the port forwarding rules should apply. If wan_1und1 is down, fall back to wan_lte, and only one machine (192.168.178.92) should be able to connect to one specific host.

My problem is that the fallback connection is always used. I don't like this, because it is a metered network (cellular LTE).

I am pretty sure that this is because of port forwarding. Apparently port forwarding has a higher priority in the firewall rules.

When looking at Reporting -> Insight on interface wan_lte, I can see that there is traffic on the port-forwarded ports (e.g. 30303).


                WAN_1UND1         WAN_LTE_FALLBACK
                 :                        :
                 : LTE                    : DSL
                 :                        :
             .---+---.              .-----+-----.
             | IK41  |     Modems   | Vigor167  |
             '---+---'              '-----+-----'
192.168.51.1/24  |                        |
        Ethernet |                        | PPPoE
                 |                        |
            .----+----.             .-----+-----.
            | wan_lte |    Gateways | wan_1und1 |
            '----+----'             '-----+-----'
192.168.51.11/24 |                        | "default"
                 |      .----------.      |
                 +------| OPNsense |------+



See the screenshots for more info.

What I've tried (without success):
- I've replaced the automatically created wan_1und1 port forward rules with custom ones, to be able to set a gateway. This should only be possible via wan_1und1 now, but it isn't. It is also passed through wan_lte.
- I've added a wan_LTE rule to completely block incoming traffic (it doesn't).
- I've disabled sticky connections for Multi-WAN.

Is this a bug? I would be happy if you have some ideas for me!

Best
inDane
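A quick way to see where the forwarded connections actually terminate, instead of inferring it from the Insight graphs, is to read the pf state table on the firewall itself. The following is an added diagnostic, not code from the original post or from OPNsense: it tallies the states for a forwarded port per interface from `pfctl -ss` output. The state lines embedded below are constructed sample data, and the interface names (pppoe0 for wan_1und1, igb2 for wan_lte) and addresses are assumptions; on the firewall you would pipe the live table in instead.

```shell
#!/bin/sh
# Added example (not from the original post): count pf states for a
# forwarded port per interface, to see which WAN the inbound connections
# for that port are really arriving on.
#
# On the firewall, run against the live table:   pfctl -ss | states_by_iface 30303
# and compare with the current default route:    netstat -rn | grep default
#
# Constructed sample of pfctl -ss output. Interface names (pppoe0 = wan_1und1,
# igb2 = wan_lte) and all addresses are assumptions for the example only.
SAMPLE_STATES='all tcp 192.168.178.92:30303 (203.0.113.10:30303) <- 198.51.100.7:44321       ESTABLISHED:ESTABLISHED
pppoe0 tcp 192.168.178.92:30303 (203.0.113.10:30303) <- 198.51.100.9:51002       ESTABLISHED:ESTABLISHED
igb2 tcp 192.168.178.92:30303 (192.168.51.11:30303) <- 192.0.2.44:60112       ESTABLISHED:ESTABLISHED
igb2 udp 192.168.178.92:30303 (192.168.51.11:30303) <- 192.0.2.45:40001       MULTIPLE:MULTIPLE
pppoe0 tcp 203.0.113.10:55000 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED'

# states_by_iface PORT
# Reads pfctl -ss lines on stdin and prints "<iface> <count>", one line per
# interface, for inbound rdr states whose post-NAT destination port is PORT.
# Inbound rdr states have the shape:
#   <iface> <proto> <dst-after-nat> (<dst-before-nat>) <- <src>   <state>
# Outbound states ("->") and states for other ports are ignored.
states_by_iface() {
    awk -v port="$1" '
        $4 ~ /^\(/ && $5 == "<-" {
            p = $3                   # e.g. 192.168.178.92:30303
            sub(/.*:/, "", p)        # keep only the port part
            if (p == port) n[$1]++
        }
        END { for (i in n) print i, n[i] }
    ' | sort
}

# Usage with the constructed sample: shows that 30303 states exist on the
# LTE interface as well as on the PPPoE one.
printf '%s\n' "$SAMPLE_STATES" | states_by_iface 30303
```

A state listed under the wan_lte interface (or under "all" with the LTE address as the pre-NAT destination) means the forwarded connection was accepted and answered via that WAN; a state only under pppoe0 means it took the intended path. This only shows which path is in use, not why.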