reply-to not an issue if interface has no upstream gateway? #2458
Comments
|
add add checkbox that allows linking the gateway and default to avoid linking it, discussed with @AdSchellevis |
|
Todo: far gw for IPv4, ~~~name fix if description is empty~~~ |
|
@fichtner Today I'm working on the live system regarding this (planned maintainence) and it seems that just removing upstream is not enough. The most important thing was to tick: Firewall - Settings - Advanced - Multiwan - Disable Force Gateway. Only after enabling this I was able to ping an IP behind a second gateway on Interface WAN without routing this packet via default gateway. No idea how this influences you current patches :/ |
|
can you grep reply-to on /tmp/rules.debug with the setting on and off? |
|
Hang on .. it seems that changing these values do something in the backend what a simple rule change doesn't do. Can't reproduce anymore when enabling/disabling :( Also with every constellation no reply-to anywhere in rules.debug ... |
|
if reply-to is not in the rules in either case I'm positive on the fix. all other side effects are network / routing related |
|
Where your fixes already in 18.1.10? |
|
no, it's mostly a cosmetic GUI change for 18.7 |
|
Cause I'm only testing with stable on this system. |
|
sometimes the network is immune to the reply-to trickery because the upstream router is smart enough to redirect the packets back into the internal network |
IPv4 and IPv6 needs this. IPv4 could also use a "far gateway" knob.
https://forum.opnsense.org/index.php?topic=3415.0
The text was updated successfully, but these errors were encountered: