V2.2.1 default route behavior changed for multi-wan configuration?
-
I have a NetGate m1n1wall running 2.2.1-RELEASE with a multi-wan setup: DSL/Cable. With this configuration, I have LAN rules that specifically sent traffic for certain web sites to the default route because the web site security required that traffic always come from the same IP address. Once I upgraded to 2.2.1, this behavior changed, and now I get security errors again. I've been forced to change those rules to send traffic to a specific WAN. This wouldn't be a big problem, except that the primary WAN (Cable) is unstable. (Hence, the reason for the DSL.)
Is there any new trick that I can use make sure that traffic for a given connection is always routed to the same WAN?
Thanks,
Dave -
Nothing was intended to change there - ordinary pass rules give traffic to the ordinary routing table. If the destination is not already on a local network, and there is no specific route to the destination then it goes out the default route.
If default gateway switching is enabled, then the default route can get switched to another gateway.
The "proper" way is to use policy-routing like you have done now. Also look at System->Advanced, Miscellaneous, "Skip rules when gateway is down". You will want to skip the rule, and then have an ordinary block rule after it that blocks the traffic. That way when the gateway goes down the rule will be left out of the rule set (rather than being left in with no gateway specified), and the next rule will block the traffic. That should make sure that the traffic either goes out the specified gateway or is dropped.