Change WAN interface
-
Just setup a new PF 1.2.3 box to replace an existing box with three T1s on it. I will be shutting the T1 currently assigned to the WAN interface and want to move that to one of the other interfaces on the box. How can I migrate all of the rules from the existing interface to the new interface once I reconfigure the IP address and move everything around? Any big issues to watch out for?
thanks
-andy
-
If I understand you correctly you want to move the WAN rules to the newly created OPT1 (or whatever) and create a new WAN? I'm not sure if there is a way to migrate rules. You might be better suited to create the new interface as OPT1 and build your new rule sets around that and leave WAN in tact. If all you are doing is changing the IP setup of your WAN, the rules will stick and everything should be easy.
-
If I understand you correctly you want to move the WAN rules to the newly created OPT1 (or whatever) and create a new WAN? I'm not sure if there is a way to migrate rules. You might be better suited to create the new interface as OPT1 and build your new rule sets around that and leave WAN in tact. If all you are doing is changing the IP setup of your WAN, the rules will stick and everything should be easy.
Essentially want to move one of the OPT interfaces to become the WAN interface. So I have to migrate rules over, guess I can do it one at a time or maybe export them out and do something that way.
-
From the web GUI, Interfaces -> (assign) doesn't do what you want (just identify a different interface as WAN)?
It would be good practice to backup our configuration before doing this.
-
That just moves it to a new NIC. Doesn't move any rules with the change. I need to shut down WAN and move everything from an OPT interface to become the new WAN interface.
-
Rules are tied to the name it has been given (WAN, LAN, OPT1 etc..) and not to the name the underlying OS calls it. If you reassign an interface for example change WAN to be em1 when WAN was em0 before the change, all rules that applied to em0 before the change will apply to em1 after the change.
-
Depending on your motivation for making the opt1 become WAN, you might be able to just alter your rules to use OPT1 as the gateway. The only situation I know of that would not be possible in this manner would be a transparent proxy setup as all proxy traffic gets routed through the WAN (or so I seem to recall).
-
There isn't really an easy way to move the configuration from opt1 to WAN if you want to keep the OPT1 rules and make them the new WAN rules (discarding the current WAN rules).
You might have to hand-edit a config backup and replace opt1 with wan in the rule interfaces, but it would be easy to mess something up so be very careful (and keep some clean, unedited backup copies).
