From aeb31a5a6e4925821f27e9d891500cc68408bb21 Mon Sep 17 00:00:00 2001 From: Stephan de Wit Date: Mon, 15 Apr 2024 15:38:01 +0200 Subject: [PATCH] system: multi-wan: add a tip for handling traffic towards private networks --- source/manual/how-tos/multiwan.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/manual/how-tos/multiwan.rst b/source/manual/how-tos/multiwan.rst index 006cebd9..3ee2ce77 100644 --- a/source/manual/how-tos/multiwan.rst +++ b/source/manual/how-tos/multiwan.rst @@ -134,6 +134,13 @@ Now under **Gateway** change selection to *WANGWGROUP*. be routed in this (wrong) direction. That is why Step 5 is needed for our DNS traffic going to and coming from our DNS forwarder on the firewall itself. +.. Tip:: + Policy-based routing skips normal system routing. Since the default "allow LAN + to any" rule has "any" set as destination, any traffic headed towards other internal + networks (as is often the case with VPN tunnels) that trigger this rule will be + routed through the gateway group as well. To avoid this, you can create an explicit + rule before this default rule to allow traffic to those networks without a gateway set. + Step 5 - Add allow rule for DNS traffic --------------------------------------- Add a rule just above the default LAN allow rule to make sure traffic to and from
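Review bot: subject-verb agreement in the added tip: "any traffic headed towards other internal networks ... that trigger this rule" should read "that triggers this rule" (the subject is "traffic"). Suggested wording for those two lines: "any traffic headed towards other internal networks (as is often the case with VPN tunnels) that triggers this rule will be routed through the gateway group as well." While touching the tip, it would help readers to spell out what the explicit rule needs: destination set to the internal networks in question (an alias covering those networks keeps the rule maintainable) and the gateway left at its default rather than *WANGWGROUP*, since the whole point of the tip is that the rule must match before the default "allow LAN to any" rule and must not carry a gateway.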