Policy Based Routing ignored (no VPN but two Gateways)

Started by Residence0886, Today at 02:48:14 PM

Hi everyone,

I have been using OPNsense for quite a while now and in general I tend to get to the bottom of things really fast. But for this specific issue I really got stuck and I don't know where to look.

So this is my basic network configuration:

LAN -- [OPNSense] --- Transfer-LAN --- [External-FW] --- [ISP-Router]

I need to replace the external firewall with a new one which I already installed and assigned an IP address in the transfer LAN.
In OPNSense I created a new upstream-gateway with a lower priority.
When deactivating the primary gateway all traffic takes the new gateway so I assume that routing in general is working fine and the new gateway itself is functional.

For testing purposes I need to make sure that only a single client will use the new gateway for now. So I created a new firewall rule on the transfer-LAN adapter that covers all traffic and set it on top of the list. Source is my test client and destination is any. From my test client internet access is working fine and the live log proves that the correct rule is used for this host. However, traffic still takes the old route via the old external firewall.

None of the interfaces is configured as a WAN interface. I do not use NAT or any type of VPN.

What I tried so far:

- Created a corresponding inbound rule on the LAN side.
- Flushed all states of this host.
- Rebooted the firewall.
- Set reply-to to disabled in the rule settings.
- Set Disable reply-to in the firewall settings itself.
- Disabled the primary gateway - now the new gateway is used as expected.

Unfortunately I'm running out of ideas. Do you have any ideas? I'm using version 26.1.5.

Thanks in Advance
Daniel

Quote from: Residence0886 on Today at 02:48:14 PM
> So I created a new firewall rule on the transfer-LAN adapter that covers all traffic and set it on top of the list. Source is my test-client and destination is any.

You have to add this rule to the LAN interface. But maybe that's just a typo.

Also you have to state the new gateway in the rule's advanced settings.
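The two points in the reply above (the rule must sit on the interface where the client's traffic enters, and it must carry a gateway) are both visible in the ruleset pf actually loads: a policy-routed rule is rendered with a `route-to (interface gateway)` clause, while a rule whose gateway is left at "default" matches and logs normally but sends the packet down the kernel routing table, i.e. to the primary gateway. The script below is an added example, not code from the original thread or from OPNsense; it walks `pfctl -sr` style lines in pf evaluation order (first `quick` match wins, otherwise last match wins) and reports which gateway, if any, the winning rule would route a given source host to. The interface names em0 (LAN) and em1 (transfer LAN), the addresses and the rule lines are constructed for the example, and the line format is an approximation of what `pfctl -sr` prints on OPNsense, so check it against real output before relying on it.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample of `pfctl -sr` output (not captured from the poster's box).
# Interface names, addresses and labels are assumptions for this example.
#   line 1: the rule as the poster described it, placed on the transfer LAN (em1);
#           it is never consulted for packets arriving inbound on LAN (em0)
#   line 2: the same rule on LAN with a gateway chosen in advanced settings -> route-to
#   line 3: a LAN rule whose gateway was left at "default": matches, but no route-to
#   line 4: the generic LAN allow rule
SAMPLE_RULES = """\
pass in quick on em1 route-to (em1 192.0.2.2) inet from 192.168.10.50 to any flags S/SA keep state label "test client, wrong interface"
pass in quick on em0 route-to (em1 192.0.2.2) inet from 192.168.10.50 to any flags S/SA keep state label "test client via new gateway"
pass in quick on em0 inet from 192.168.10.60 to any flags S/SA keep state label "test client, gateway left at default"
pass in quick on em0 inet from 192.168.10.0/24 to any flags S/SA keep state label "default allow LAN"
"""

# Approximate grammar of one pass rule: direction, optional quick, interface,
# optional route-to clause, optional address family / proto, then from/to.
RULE_RE = re.compile(
    r"^pass\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?on\s+(?P<iface>\S+)\s+"
    r"(?:route-to\s+\(\s*(?P<gw_if>\S+)\s+(?P<gw_ip>\S+)\s*\)\s+)?"
    r"(?:inet6?\s+)?(?:proto\s+\S+\s+)?from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
)


def _src_matches(src: str, host: str) -> bool:
    """True if the rule's source field covers `host` (single address or CIDR).
    Tables (<name>), lists ({ ... }) and hostnames are not resolved here and count as no match."""
    if src == "any":
        return True
    try:
        return ipaddress.ip_address(host) in ipaddress.ip_network(src, strict=False)
    except ValueError:
        return False


def effective_rule(host: str, rules: str, iface: str) -> Optional[dict]:
    """Return the rule that wins for a packet from `host` entering on `iface`,
    following pf semantics: the first matching rule with `quick` ends evaluation,
    otherwise the last matching rule wins."""
    winner = None
    for line in rules.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m["dir"] != "in" or m["iface"] != iface:
            continue
        if not _src_matches(m["src"], host):
            continue
        winner = m.groupdict()
        if m["quick"]:
            break
    return winner


def policy_gateway(host: str, rules: str, iface: str) -> Optional[str]:
    """'<gw_if> <gw_ip>' if the winning rule policy-routes the host,
    'default route' if a rule matches but carries no route-to,
    None if no pass rule on `iface` matches the host at all."""
    rule = effective_rule(host, rules, iface)
    if rule is None:
        return None
    if rule["gw_ip"]:
        return f"{rule['gw_if']} {rule['gw_ip']}"
    return "default route"


if __name__ == "__main__":
    for host in ("192.168.10.50", "192.168.10.60", "192.168.10.70", "10.0.0.1"):
        print(host, "->", policy_gateway(host, SAMPLE_RULES, "em0"))
```

On the firewall itself the same check is `pfctl -sr` piped into `policy_gateway` with the real LAN interface name; if the winning rule for the test client prints "default route", the gateway field in the rule's advanced settings was not applied, and if it prints the gateway but traffic still goes the old way, remaining states for that host (`pfctl -ss`) are the next thing to look at, since an existing state keeps the route it was created with.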