@hieroglyph Bit of everything really so ill post another one up! Thanks.

it is not clear.
you can discrete the ports to be in different VLAN

for example :

ETH1 >> WAN 1,9t,10t (vlan tag 500)
ETH3 >> WAN2 3,9t,10t (vlan tag 501)

check you outbound NAT if it configured correctly

Policy Routing
https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#configuring-firewall-rules-for-policy-routing

@tobira confirmed
redmine issue created: https://redmine.pfsense.org/issues/11298

@netblues WeChat Screenshot_20210123143847.png

i reach to all those CPEs using Fiber network.

@gertjan On different machines...linux and windows.

If you need help setting that up - just ask..

But if your goal is isolation - which I assume it is because your asking how to only allow 1 IP, and block others. Then you really need to create two different L2 networks (vlans or completely different physical networks - 2 interfaces on pfsense with 2 different dumb switches).

Another option would be to just put them all on the same L2 (same L3 as well), but make it a private vlan... And then you can let X talk to Y, and A talk to D, but block Z from talking to A, etc. Via setting on your switch that support private vlans. But you need a switch that supports that.

Simple solution to keeping A from talking to B, is put them on different actually isolated networks. And then filtering whatever traffic you want to allow/block on pfsense.

@bn1980 said in Config for LAN devices to see a virtual network on a DMZ device:

172.17.0.1/16

add a static route to pfsense
configure 10.10.10.111 as a new gateway, go to static route and add a destination for 172.17.0.1/16 via 10.10.10.111
try to ping the docker

@streamholder i have the same problem did you find any solution.

@edmond said in multiwan not switching back to primary:

my primary wan (OPTIC_PPPOE) failed but after it got available it does not switch automatically from backup to primary.

Hi,

this has been fixed a long time ago:
https://redmine.pfsense.org/issues/9054

and can help

https://forum.netgate.com/topic/84269/multi-wan-gateway-failover-not-switching-back-to-tier-1-gw-after-back-online/19

+1 for this.

Seems like an odd thing to do - overlapping networks in the same network.. Good luck. Thanks for entertaining my curiosity cat..

I thought it could be a remote site via a vpn, having overlap of some vlan in your internal network.. Which you could just use say the tunnel IP to allow them to ssh/gui to pfsense. Where the tunnel network should be be overlapping any network either remote or local..

But sure a vip would allow you to put a non overlapping IP on pfsense to be able to access.

@johnpoz Yeah I guess I figured with having the LAN Allow all rule as is and then just change the gateway on the ones I want going through the vpn would work fine. Thats actually the way I had it when trying protonVPN.