@aadrem said in Problem with multi WAN and pfsense web configurator:

I cannot understand why from PC connected to PFsense I am able to reach it

What @heper said. As I mentioned above, "by default the only network that can access one of those IPs should be LAN Net, due to the "allow LAN to any" rule." You can always create rules on LAN like:

allow to (this firewall) from management_PC_IP
block to (this firewall)

@sebastiaan76 said in Bind 9 Recursion - how to route querys over non-default gateway:

Is the only way perhaps to get a list of all the root servers

This wouldn't work because query roots is just the start of the resolution of whatever fqdn your looking for. It then asks the gtld servers, and then the authoritative ns for the domain. When you are resolving you might need to talk to any IP on the internet - since you have no idea where a authoritative ns for a domain IP might be.. It could be anything.

To be honest the best way to make sure bind queries go out a specific gateway, would be to run bind on some device in your network, and policy route that devices 53 traffic.

@viragomann No! No! its not like that!

I am talking about the IP address while connecting to the SIP Provider(I gave name SIP Interface). So the thing is when my PBX dial to SIP server my public IP should be SIP Interface IP.

@luckman212 it should be made aware that any side-loaded scripts negates TAC support options.

With software you are undo these by reinstalling the software and restoring from a backup config (since the backup configs do not retain any information on side-loaded applications or scripts.

@jguere that is not what you stated

I can't route between VLANs

Glad you got it sorted, but nobody can actually help if you do not give accurate description of what your trying to do exactly, and what is not working.

but can't reach other hosts on those VLANs.

Has zero to do with a L2 switch and its gateway for its management IP so you can talk to it from other vlans.

@phatsta Hi, i decided to reflash the negate sg1000 and that it seems to have worked, must have been something corrupted.

Moved to general

@conejero Easiest way is cat /tmp/rules.debug for the most human-friendly version. You can also pfctl -vvsr to see the raw rule set but it is broken down a lot more that way. It's generally not necessary to look there to get a picture of the rules and what they are doing.

If anyone else has this problem, I ended up creating another firewall rule under the wireguard interface. I passed anything NOT RFC1918 to the Nord Gateway then created an outbound NAT rule on the NORDVPN interface. Works Now.

@russm Great - and I for sure learned something about issues that can come about with zen, there is actually another active thread which I think is the same problem

@gwaitsi said in PureNAT / NAT + Proxy - Am i doing it right?:

seems to be working.

Then don't fix it ;)

@mzabik not possible to set a time config (unless maybe you fiddle with scripts in the OS but that's unsupported and probably hard to do) but you have options for "high latency" and "packet loss" that should satisfy your needs. Try using packet loss instead of member down if that's the way it's set up now.

Otherwise the short answer is get a better WAN.