i have same problem thank

Ah my misread then - thanks for the clarification.. My bad

The traffic would obviously have to be sourced from 172.16.0.3 when it arrived at the firewall to benefit from the 1:1 NAT for outbound connections.

@nogbadthebad said in Static routes required for LAN>WAN traffic: I use the gateways to do a poor mans nms :) My advice is don't. Get a poor man's NMS like Nagios or Zabbix and use that instead of creating a bunch of interface routes in your firewall/router.

I understand this is a test setup, but the first question is... why are you using public IP's on your LAN? Then... instead of us making assumptions, provide a network map to show how are things connected, so we can get a better view of your objective. Lastly, what is your objective? Why are there two firewalls? Is there a reason 192.168.10.0/24 needs to be behind a 2nd firewall?

It did! I just added the route and it complained it needed a new gateway first, added that then the static route, then went to the interfaces and changed the name, something that would've set it off for the deletion of the routes, this time the website responded back as it normally would. Now I'm gonna make clones of this for the next step. Thanks anyway! Hopefully leaving this here helps anyone else. :)

@kpa Thanks. I thought you could never address a 192.168.1.x address and similar outside your own subnet. Then it makes sense why the firewall would have an impossible task managing a setup with two similar subnets.

Thank you @jimp That helps clarify quite a bit. There really isn't much available about the "Skip Rules" setting. Based on the documentation, your answers are what I expected, but I wanted to be sure. Thanks again, Josh

Your alarm log seems to be showing 2 different dest_addr, 64.4.226.254 and 64.4.226.252. I'd suggest you look at your PPP log, I suspect the connection is dropping and being restarted frequently. You can see here for example a PPPoE connection that went down unexpectedly because the LCP protocol stopped receiving replies and tore down the connection: ...lots more log about connection going down Jul 23 10:28:55 ppp [wan_link0] LCP: state change Opened --> Stopping Jul 23 10:28:55 ppp [wan_link0] LCP: peer not responding to echo requests Jul 23 10:28:55 ppp [wan_link0] LCP: no reply to 5 echo request(s) Jul 23 10:28:45 ppp [wan_link0] LCP: no reply to 4 echo request(s) Jul 23 10:28:35 ppp [wan_link0] LCP: no reply to 3 echo request(s) Jul 23 10:28:25 ppp [wan_link0] LCP: no reply to 2 echo request(s) Jul 23 10:28:15 ppp [wan_link0] LCP: no reply to 1 echo request(s)

Sorry for beeing unclear - at the beginning, I had an another initial situation. I have 2x 1 GBit copper wan cables going inside to the firewall. The other card with two ports in the firewall (I have 4x 1 GBit ports) is connected with a Cisco Layer 3 Switch/Router. At the moment the Firewall is connected with a Carp interface to the Cisco switch and I want to change this to an LACP to get the, hopefully, possibility to utilize the two 1 GBit WAN ports. Now (Failover): CARP LAN with 2 ports -> pfSense -> 2x 1 GBit WAN links -> provider router Later (Failover and 2 GBit on LAN side): LAG with 2 ports -> pfSense -> 2x 1 GBit WAN links -> provider router Edit Got it... shitty VMware Workstation. Some trouble with duplicate Mac addresses. The LACP is up and running but I can't verify my configured load-balance mode (src-ip). When I have one download I have 12 MB/s (LAN 100 MBit and WAN 1 GBit) and with two computers I have 2x 6 MB/s. Edit2 Ok guys - in the end, I realized that one of the network cards are broken. After buying a new card - everything is working like a charm

Yeah, in fact it's working like a charm, it's communicating don't know why it was not before, but it seems ok. Thanks again for your explanatiosn and your time :)

Fantastic, thanks!

Dear viragomann, Thanks for the directives I shall certainly take a look into doing so when time permits. Do have a pleasant weekending! Peace Fuquan

@awebster said in Routing from LAN to WAN Upstream Gateway not working: A1 Now my brain has melted. However, on johnPOZ's suggestion I've now got VyOS running, relaying DHCP correctly and allowing bi-directional comms between my two test subnets, and from both subnets to the downstream gateway and on to the web. I thank you for your help. Even if the result was to point me at another product to try :-)

You will have to disable gateway monitoring for the second WAN, so it can't detect if it's down, but otherwise it may function OK.