@hieroglyph Bit of everything really so ill post another one up! Thanks.

it is not clear. you can discrete the ports to be in different VLAN for example : ETH1 >> WAN 1,9t,10t (vlan tag 500) ETH3 >> WAN2 3,9t,10t (vlan tag 501)

check you outbound NAT if it configured correctly

Policy Routing https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#configuring-firewall-rules-for-policy-routing

@tobira confirmed redmine issue created: https://redmine.pfsense.org/issues/11298

@netblues [image: 1611383957446-wechat-screenshot_20210123143847.png] i reach to all those CPEs using Fiber network.

@gertjan On different machines...linux and windows.

If you need help setting that up - just ask.. But if your goal is isolation - which I assume it is because your asking how to only allow 1 IP, and block others. Then you really need to create two different L2 networks (vlans or completely different physical networks - 2 interfaces on pfsense with 2 different dumb switches). Another option would be to just put them all on the same L2 (same L3 as well), but make it a private vlan... And then you can let X talk to Y, and A talk to D, but block Z from talking to A, etc. Via setting on your switch that support private vlans. But you need a switch that supports that. Simple solution to keeping A from talking to B, is put them on different actually isolated networks. And then filtering whatever traffic you want to allow/block on pfsense.

@bn1980 said in Config for LAN devices to see a virtual network on a DMZ device: 172.17.0.1/16 add a static route to pfsense configure 10.10.10.111 as a new gateway, go to static route and add a destination for 172.17.0.1/16 via 10.10.10.111 try to ping the docker

@streamholder i have the same problem did you find any solution.

@edmond said in multiwan not switching back to primary: my primary wan (OPTIC_PPPOE) failed but after it got available it does not switch automatically from backup to primary. Hi, this has been fixed a long time ago: https://redmine.pfsense.org/issues/9054 and can help https://forum.netgate.com/topic/84269/multi-wan-gateway-failover-not-switching-back-to-tier-1-gw-after-back-online/19

+1 for this.

Seems like an odd thing to do - overlapping networks in the same network.. Good luck. Thanks for entertaining my curiosity cat.. I thought it could be a remote site via a vpn, having overlap of some vlan in your internal network.. Which you could just use say the tunnel IP to allow them to ssh/gui to pfsense. Where the tunnel network should be be overlapping any network either remote or local.. But sure a vip would allow you to put a non overlapping IP on pfsense to be able to access.

@johnpoz Yeah I guess I figured with having the LAN Allow all rule as is and then just change the gateway on the ones I want going through the vpn would work fine. Thats actually the way I had it when trying protonVPN.

@viragomann said in Source based Routing with pfSense: @birtalevente said in Source based Routing with pfSense: From this another location, other company the connection is initiated to the WAN1 and WAN2 IPs, but the responses are routed out through the WAN3 ... which is somehow logic because I have in the routing table a.b.c.0/24 on WAN3 No, this is logic, because the destination IP lies within the subnet of WAN3 if I did undersand right your alphabetic variables: @birtalevente said in Source based Routing with pfSense: So, the WAN3 network let's say is a.b.c.0/24, WAN3 IP is a.b.c.62 There is another location, other company where the ISP assigned the a.b.c.192 IP address So if here a.b.c are the same in both variables, your WAN3 IP and that one of the other company are in the same subnet. If so, the other company should access your router at WAN3 and nothing other. This is not possible...WAN3 is low speed and dedicatet to other services. If they come in on an other WAN, they may have set a wrong mask in the WAN configuration (not /24). They come in on the right WAN because thats how is set up on they side! Your router cannot response to an address on another interface if the destionation is in the subnet of WAN3 in the end. That sucks ... So I need to reconfigure a little bit Thanks anyway ! Levi