Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Opnsense prerouting (Policy based routing)?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Opnsense prerouting (Policy based routing)? (Read 4368 times)
Jeroen1000
Newbie
Posts: 40
Karma: 0
Opnsense prerouting (Policy based routing)?
«
on:
July 02, 2018, 03:43:01 pm »
Hi!
I've noticed *bsd is a fair bit different than Linux. Normally, for PBR I would use
Code:
[Select]
MARK --set-mark 1
as described here
https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
.
However, as I understand, no router will not able to act on this type of 'mark' as its not actually something that is set in the ip packet. What kind of actionable items can Opnsense use for a policy based routing decision? Hereby
excluding
the
source
and
destination
address as possible candidates.
I have a Linux router in play that will have to mark the traffic somehow so that Opnsense can route it out of the desired interface.
«
Last Edit: July 02, 2018, 03:56:58 pm by Jeroen1000
»
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Opnsense prerouting (Policy based routing)?
«
Reply #1 on:
July 02, 2018, 04:11:18 pm »
You can set the Gateway in a firewall rule, but this only matches for packets going through the firewall.
Packets originating by the firewall can't be policy routed ..
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Jeroen1000
Newbie
Posts: 40
Karma: 0
Re: Opnsense prerouting (Policy based routing)?
«
Reply #2 on:
July 02, 2018, 06:54:25 pm »
Only forwarding chain is ok. But I couldn't really find whether you can match the ToS bits in order to make a routing decision. OR whether there is something better to use than the ToS bits.
I.E. if match IP precedence 2 => route to GW A
if match IP precedence 3 => route to GW B
The ToS bits will be set by another router.
Logged
nallar
Newbie
Posts: 15
Karma: 4
Re: Opnsense prerouting (Policy based routing)?
«
Reply #3 on:
July 03, 2018, 08:17:57 pm »
Does "Match priority" under "Advanced Options" for a rule do what you want?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Opnsense prerouting (Policy based routing)?