I was trying to get things like DLNA auto discovery working across subnets, but gave up and went the lazy route with a bridge instead which solved the problem. Thanks.

I was using the gateway for awhile, but felt it was giving me poor results, so I switched to 9.9.9.9, but started getting some issues with that, now I'm on 8.8.4.4, so far so good

the only reason I care is because it was causing my gateway group to flap, which kept reconnecting my VPN tunnels over the cellular backup

Who is your ISP? do you have your modem bridged? DSL, Cable or Fiber?

More information on your network setup would be more helpful. If you are using DHCP for instance, I presume you're getting the IP from the modem and not the ISP, I also presume the modem is not bridged... but saying all that, I could be completely wrong.

i have same problem thank

Ah my misread then - thanks for the clarification.. My bad

The traffic would obviously have to be sourced from 172.16.0.3 when it arrived at the firewall to benefit from the 1:1 NAT for outbound connections.

@nogbadthebad said in Static routes required for LAN>WAN traffic:

I use the gateways to do a poor mans nms :)

My advice is don't. Get a poor man's NMS like Nagios or Zabbix and use that instead of creating a bunch of interface routes in your firewall/router.

I understand this is a test setup, but the first question is... why are you using public IP's on your LAN?

Then... instead of us making assumptions, provide a network map to show how are things connected, so we can get a better view of your objective.

Lastly, what is your objective? Why are there two firewalls? Is there a reason 192.168.10.0/24 needs to be behind a 2nd firewall?

It did!

I just added the route and it complained it needed a new gateway first, added that then the static route, then went to the interfaces and changed the name, something that would've set it off for the deletion of the routes, this time the website responded back as it normally would.

Now I'm gonna make clones of this for the next step.

Thanks anyway! Hopefully leaving this here helps anyone else. :)

@kpa Thanks. I thought you could never address a 192.168.1.x address and similar outside your own subnet. Then it makes sense why the firewall would have an impossible task managing a setup with two similar subnets.

Thank you @jimp

That helps clarify quite a bit. There really isn't much available about the "Skip Rules" setting.

Based on the documentation, your answers are what I expected, but I wanted to be sure.

Thanks again,
Josh

Your alarm log seems to be showing 2 different dest_addr, 64.4.226.254 and 64.4.226.252. I'd suggest you look at your PPP log, I suspect the connection is dropping and being restarted frequently.

You can see here for example a PPPoE connection that went down unexpectedly because the LCP protocol stopped receiving replies and tore down the connection:

...lots more log about connection going down Jul 23 10:28:55 ppp [wan_link0] LCP: state change Opened --> Stopping Jul 23 10:28:55 ppp [wan_link0] LCP: peer not responding to echo requests Jul 23 10:28:55 ppp [wan_link0] LCP: no reply to 5 echo request(s) Jul 23 10:28:45 ppp [wan_link0] LCP: no reply to 4 echo request(s) Jul 23 10:28:35 ppp [wan_link0] LCP: no reply to 3 echo request(s) Jul 23 10:28:25 ppp [wan_link0] LCP: no reply to 2 echo request(s) Jul 23 10:28:15 ppp [wan_link0] LCP: no reply to 1 echo request(s)

Sorry for beeing unclear - at the beginning, I had an another initial situation.

I have 2x 1 GBit copper wan cables going inside to the firewall.

The other card with two ports in the firewall (I have 4x 1 GBit ports) is connected with a Cisco Layer 3 Switch/Router.

At the moment the Firewall is connected with a Carp interface to the Cisco switch and I want to change this to an LACP to get the, hopefully, possibility to utilize the two 1 GBit WAN ports.

Now (Failover):
CARP LAN with 2 ports -> pfSense -> 2x 1 GBit WAN links -> provider router

Later (Failover and 2 GBit on LAN side):
LAG with 2 ports -> pfSense -> 2x 1 GBit WAN links -> provider router

Edit
Got it... shitty VMware Workstation. Some trouble with duplicate Mac addresses.

The LACP is up and running but I can't verify my configured load-balance mode (src-ip). When I have one download I have 12 MB/s (LAN 100 MBit and WAN 1 GBit) and with two computers I have 2x 6 MB/s.

Edit2
Ok guys - in the end, I realized that one of the network cards are broken. After buying a new card - everything is working like a charm

Yeah, in fact it's working like a charm, it's communicating don't know why it was not before, but it seems ok.

Thanks again for your explanatiosn and your time :)

Fantastic, thanks!

Dear viragomann,

Thanks for the directives I shall certainly take a look into doing so when time permits.

Do have a pleasant weekending!
Peace
Fuquan