Thank you Steve
I found this Youtube video:
https://www.youtube.com/watch?v=CXFzDfxa0mg
non-English but very good demonstration of the same idea

I already built it all in HW (no VirtualBox) : my home router allows me to set different subnets on each LAN port. So I just built a test pfsense box with 3 interfaces and hooked LAN side to the rest of my home network. That way I got a "Dual-WAN" setup ✌
Everything work fine: I'm able to test Policy routing and manual NAT rules.

0_1534116449641_Dual-WAN simulation.png

Thanks - that makes sense and helps me plan upgrades

I understood. However the recent setup was a static NAT translation to the private IP on the three devices on the LAN with ACL controls. Ideally we'd have a different setup and we'll certainly be changing the network topology (and reconfiguring the affected servers) in the future, but we just needed to quickly replicate the existing router setup to meet immediate needs and address the sanity of the network design as time goes on. The Cisco could not support our new 1G fiber connection and the XG-7100 handles it with ease. Sure, it's not the best setup. But it's working.

why would you want that? What is the win10pc going to do with such traffic? Just to go back out the internet on same interface to get to abc.com?

I would for sure get the details of what device they are going to put in to provide this connectivity... Or its just like wifi router marketing hype... You know the ones that say N300, but only have 10/100 interface..

And your like where exactly does the 300 come in? ;)

Or how they currently add up the 2.4 and 5ghz bands to give you some number like 1200 or 1750.. All marketing nonsense.. No client can use that together so you should clearly label with the 2.4 can do PHY and what the 5 can do PHY..

And if you were going to be really honest - what can the user actually expect in real world speeds because users do not understand what PHY is..

Sure are system can do 1.5 but we only have a 1ge physical interface for you to connect too -- DOH!!!

@viragomann

Thank you!
Oops my bad. I am able to add multiple gateways to the same interface now. Guess I must have made some silly mistake earlier when I tried the same thing and got an error.

I don't understand what you meant by "You will get asymmetric routing issues with that.". But it seems to be working now.

Thank you once again.

Can I use the 2.3 XML config file if I upgrade to 2.4?

dns has nothing to do with ports..

If the server your trying to connect to is using a different port then the correct way would be in your ssh conf for this host..

Even if you were going to do some odd ball vip thing with nat your vip would be on the same network as the interface ie your 192.168.188 or your client would send that to its gateway IP since it would be off network.

The correct solution to your problem is to just use your ssh conf for easy access to servers.. You can put all the info you need right in this file.. Nothing would have to be done on pfsense, and you can take that file with you no matter where you go, etc.

example here is config I put in for a box uc.local.lan

host client
hostname uc.local.lan
IdentitiesOnly yes
user user
IdentityFile /home/username/.ssh/id_ed25519

0_1533825836971_config.png

that is exactly what you are trying to do - and takes all of 30 seconds to setup and cvan put in all the info you would need to make connection simple and easy.

Here this will help
https://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/

I was trying to get things like DLNA auto discovery working across subnets, but gave up and went the lazy route with a bridge instead which solved the problem. Thanks.

I was using the gateway for awhile, but felt it was giving me poor results, so I switched to 9.9.9.9, but started getting some issues with that, now I'm on 8.8.4.4, so far so good

the only reason I care is because it was causing my gateway group to flap, which kept reconnecting my VPN tunnels over the cellular backup

Who is your ISP? do you have your modem bridged? DSL, Cable or Fiber?

More information on your network setup would be more helpful. If you are using DHCP for instance, I presume you're getting the IP from the modem and not the ISP, I also presume the modem is not bridged... but saying all that, I could be completely wrong.

i have same problem thank

Ah my misread then - thanks for the clarification.. My bad

The traffic would obviously have to be sourced from 172.16.0.3 when it arrived at the firewall to benefit from the 1:1 NAT for outbound connections.

@nogbadthebad said in Static routes required for LAN>WAN traffic:

I use the gateways to do a poor mans nms :)

My advice is don't. Get a poor man's NMS like Nagios or Zabbix and use that instead of creating a bunch of interface routes in your firewall/router.