Block alias from WAN



  • I guess I am not doing this right. WAN1 is high speed capped, WAN2 is low speed uncapped. I need to restrict high volume clients to WAN2 only.

    I created an 'HV' alias containing their IPs, then created a pass rule specifying the WAN2 gateway. For other clients I created a !HV pass with the WAN1 gateway. It works, but if I kill WAN2 the traffic finds its way through WAN1. I tried a reject all for HV under the pass but no effect.



  • I haven't tried this, but perhaps you could go to System - Routing - Gateways and edit WAN2 to check the Gateway Action option so that the gateway is always considered up. The traffic may still revert to the default gateway (WAN1) but you could try it and see if it does what you want.



  • I will try this; it shouldn't cause me any problems as I never need WAN2 to fail back to WAN1. However, I'm really interested in what is causing my rules to be ignored. They seem to be treated more like suggestions than rules.



  • Right order? First the "Alias-IP to WAN2 rule", then everything else.
    Screenshots pls



  • Can't grab screen right now but the order is as follows under /rules/LAN

    alias-ip allow gateway WAN2
    reject alias ip all
    single host allow gateway VPN
    !alias-ip allow gateway WAN1

    Default allow rules are disabled. As far as the order goes, it is sending traffic as it should until WAN2 drops, then something is allowing them to fail back to WAN1, but there isn't any other rule for them.



  • If you are on 2.4.4 there is a default GW Setting under Routing.
    But it should interact here.
    Normally you don't need the reject rule, because any IPs from the alias have to go through WAN2.
    If it isn't up, it shouldn't work.