How to pin a Host to a Gateway with a WAN Failover Group?

Started by zartoz, May 14, 2026, 04:38:00 PM

I have a wired DSL gateway and a LTE gateway in a WAN Group with Failover, all is working well.  DSL is Tier 1 and LTE is Tier 2.

Occasionally, I would like to direct a host over LTE.  Things like kids streaming or gaming updates can get noisy when working from home.

I have tried to create a Firewall Rule with a specific internal host IP on LAN interface and mapping it to the LTE Gateway but everything still routes over the DSL Gateway.

Any suggestions on how to accomplish this?  Thank you!

Quote from: zartoz on May 14, 2026, 04:38:00 PM
> I have tried to create a Firewall Rule with a specific internal host IP on LAN interface and mapping it to the LTE Gateway but everything still routes over the DSL Gateway.
Ensure that the rule is applied to the respective traffic.
State a unique description, enable logging and check the firewall log after trying a connection.

Note that interface group rules and floating rule have precedence over interface rules.
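A small helper for the "enable logging and check the firewall log" step above, added here as an example and not something from the thread or from the OPNsense project. It takes the comma-separated payload that OPNsense's filterlog writes after the `filterlog[pid]:` syslog prefix (the field layout below is my assumption; check it against your own `/var/log/filter` output), and for one host reports which rule label passed each inbound flow on the LAN interface. If the "default allow" label keeps showing up instead of the policy-routing rule's label, the gateway rule is not matching that traffic, which is exactly the situation the original poster describes. The log lines, interface names (`igb1` for LAN, `igb0` for WAN), host addresses and rule labels are all constructed for the example.

```python
import csv
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumed field layout of the filterlog CSV payload (IPv4, tcp/udp carry ports).
# Verify against a real log line before relying on these positions.
COMMON = ["rulenr", "subrulenr", "anchor", "label", "interface",
          "reason", "action", "direction", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags",
        "protonum", "protoname", "length", "src", "dst"]
PORTED = ["srcport", "dstport", "datalen"]  # present for tcp and udp only

# Constructed sample: host 192.168.1.50 should hit the rule labelled POLICY-LTE,
# but two of its three flows were passed by the default LAN rule instead.
SAMPLE_LOG = """\
2,,,DEFAULT-ALLOW-LAN,igb1,match,pass,in,4,0x0,,64,4711,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51234,443,0,S,1,,65535,,mss
7,,,POLICY-LTE,igb1,match,pass,in,4,0x0,,64,4712,0,none,17,udp,61,192.168.1.50,203.0.113.53,41000,53,41
2,,,DEFAULT-ALLOW-LAN,igb1,match,pass,in,4,0x0,,64,4713,0,DF,1,icmp,84,192.168.1.50,203.0.113.10,request,1,1
2,,,DEFAULT-ALLOW-LAN,igb1,match,pass,in,4,0x0,,64,4714,0,DF,6,tcp,60,192.168.1.20,203.0.113.10,50001,443,0,S,1,,65535,,mss
1,,,DEFAULT-DENY,igb0,match,block,in,4,0x0,,55,9,0,none,6,tcp,40,198.51.100.9,203.0.113.2,4444,22,0,S,,,1024,,
"""


@dataclass
class Entry:
    label: str
    interface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    dstport: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one filterlog payload; returns None for IPv6 lines, which use a different layout."""
    fields = next(csv.reader([line.strip()]))
    common = dict(zip(COMMON, fields))
    if common.get("ipversion") != "4":
        return None
    rest = fields[len(COMMON):]
    v4 = dict(zip(IPV4, rest))
    ported = {}
    if v4.get("protoname") in ("tcp", "udp"):
        ported = dict(zip(PORTED, rest[len(IPV4):]))
    return Entry(common["label"], common["interface"], common["action"],
                 common["direction"], v4["protoname"], v4["src"], v4["dst"],
                 ported.get("dstport"))


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        if line.strip():
            entry = parse_line(line)
            if entry is not None:
                entries.append(entry)
    return entries


def rule_hits(entries: List[Entry], host: str, lan_if: str) -> Counter:
    """Count, per rule label, the inbound flows from `host` that were passed on the LAN interface.

    Policy routing is decided by the rule that passes the packet where it enters
    the firewall, so only direction "in" on the LAN interface is relevant here.
    """
    return Counter(e.label for e in entries
                   if e.src == host and e.interface == lan_if
                   and e.direction == "in" and e.action == "pass")


def diagnose(text: str, host: str, lan_if: str, policy_label: str) -> dict:
    """Report whether every logged flow from `host` matched the gateway rule `policy_label`."""
    hits = rule_hits(parse_log(text), host, lan_if)
    policy = hits.get(policy_label, 0)
    other = sum(n for label, n in hits.items() if label != policy_label)
    return {"policy": policy, "other": other,
            "ok": policy > 0 and other == 0, "labels": dict(hits)}


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG, "192.168.1.50", "igb1", "POLICY-LTE")
    for label, count in report["labels"].items():
        print(f"{label}: {count} flow(s)")
    print("policy rule matches all traffic:", report["ok"])
```

With the constructed sample the report shows `DEFAULT-ALLOW-LAN: 2` and `POLICY-LTE: 1`, so `ok` is False: the host rule only caught the DNS flow and the default rule still won for the rest, which is the pattern to look for in the live log (Firewall: Log Files: Live View filtered on the host's address shows the same labels resolved to rule descriptions).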

Yeah, I cannot get it to apply to the traffic.  Everything continues to apply the "Default allow LAN to any rule" to the traffic for the host that I specify in the Firewall Rule.  I did move it to the top of the Rules list and set it to Quick but it still doesn't match any traffic from that host to the rule that I created.

I did try to create a Floating Rule as well but that also wouldn't apply to the traffic.  I created a 2nd WAN Group with the LTE interface as Tier 1 and DSL as Tier 2 but that also wouldn't route over LTE.

If I change the Gateways Configuration to make the LTE Gateway as "Active" with Priority 1, it then will route all traffic over that interface.

Is it not possible to force route specific traffic over one interface with a Failover WAN Group configured?


Remember that a connection sticks on the rule till the state times out or is deleted.
So consider flushing the state table after making changes in the rule set.

Just tried resetting State Table, had no effect.  As soon as I switch the Active Gateway interface, it flips over all states so I don't think it is sticking to established sticky states.  It seems like there may be no way to have a Host redirected to an alternate interface when Gateways are grouped.

To be sure: for this to work, it's required that gateway monitoring is enabled and that the LTE is detected as online. Otherwise OPNsense sends the traffic to the default gateway instead.

So go to System: Gateways: Configuration and check if monitoring is enabled for the LTE (if it is, a monitoring IP is displayed) and if its status is online.
If it isn't, you have to configure the gateway monitoring properly.

I do have GW Monitoring on and LTE is live.  I can swap the Gateways in the failover with Tiering successfully but I cannot force a single host over one specific GW in the WAN Group.