
Outgoing lan rules with specific gateway not functional

Open Scaff31 opened this issue 1 year ago • 5 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

Outgoing rules from lan with a specific gateway no longer work on version 24.7_9.

To Reproduce

Multiple WAN/gateway needed.

Steps to reproduce the behavior:

Need multi-WAN with 2 gateways.

Create an X alias of type URL (IPs) set to "my-ip.com" content.

Create a firewall rule on the LAN interface that states:

  • Action: Pass
  • interface: LAN
  • Direction: out
  • TCP/IP Version: IPv4
  • Protocol: any
  • Source: LAN net
  • Destination: alias X
  • Gateway: WAN2

traceroute my-ip.com to validate that the rule is not applied

Software version used and hardware type if relevant, e.g.:

OPNsense 24.7_9 (amd64).

Scaff31, Aug 01 '24 15:08

I believe Direction: in is the proper way. Setting this to out would have this rule applied after routing took place.

aque, Aug 04 '24 18:08

This rule worked very well in 23.7 since the switch to 24.x this no longer works.

I need it to go out on a specific wan, not come in on a specific wan. Otherwise, I specify the source as PC-XXX direction: out and it works, but I prefer to manage the output via url alias.

Scaff31, Aug 05 '24 06:08

Quite the broad statement: "23.7 since the switch to 24.x". Are you sure this didn't work on 24.1.x? Because it would make more sense it did and now on 24.7 it doesn't work (because FreeBSD 14.1 and related work).

fichtner, Aug 05 '24 08:08

I can neither confirm nor deny that it didn't work on 24.1. I do know, however, that it worked on version 23.7.

Scaff31, Aug 06 '24 07:08

Fair enough. I have to park this for now unless someone chimes in because I won't go through a year's worth of commits.

fichtner, Aug 06 '24 07:08

After trying it out, it works well in 24.1

Scaff31, Sep 18 '24 08:09

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot, Jan 28 '25 15:01