Looks like the installation was broken. I had some messages of libreadline.so missing or something like that, at first was only php but then I found unbound wasn't starting because of that. Upgraded to 2.4.5 (reinstalled, to be more precise) and not the firewall rules appear to work as expected.

@fredmoped said in Static route overwritten?:

IPTV_INSIDE

when you make a firewall rule under IPTV_INSIDE, there is an option under Extra Options" / "advanced options" where you can chose the default gateway

you don't need to set static route, start with a any/any rule with gateway IPTV_GW

Immagine22.jpg

OK, I refined this. Here's what seems to be absolutely necessary. This is about 20K' overview so if anyone wants details I'll provide happily.

PFsense setup for linked routers

Routed RIP on both WAN and LAN set up and working 3rd network connection physically linking two routers, same subnet, separate IP addresses gateway configured for the physical link between the routers, pointing at the remote IP address for the link static route to remote router's LAN, pointing at gateway from #3 on physical link network, configure these rules:
A) remote network IP to LAN network
B) Routerlink network to any
c) LAN network to any
d) IPv4 ICMP protocol enabled for all (allows ping testing)

Configure this way on both sides, and you should work. :)

@viragomann

I solved it by compiling in the WAN interface "IPv4 Upstream gateway" and saving again "Automatic outbound NAT rule generation.
(IPsec passthrough included) "
Automatic rules have been created

Thanks

Can only operate on the information given.

First step:

Firewall > NAT, Outbound Switch to Hybrid mode. Create a DO NOT NAT rule on WAN for source 99.xxx.254.40/29.

Create a new inside interface. Number it 99.xxx.254.41 /29

Put hosts on that interface on 99.xxx.254.42 - .46 /29 gateway 99.xxx.254.41

Make firewall rules on the interface to pass the desired outbound traffic.

I have now added a VLAN to the LAN port in proxmox and created a bridge from that. This I have added to pfSense with the first address of the ip subnet which will act as gateway for the /29 addresses from the guests/hosts on the network.

So far so good.

I think this might be an issue with the setting of "Skip Rules When Gateway is Down". It seems I want this setting enabled so that when the cable modem gateway specified in the allow rule is down, the rule doesn't just turn into an allow rule for the default gateway (which has become the 3g backup connection).

https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html

-Rico

Hi,

Without seeing other details of your configuration, it seems that you may have to use "policy based routing" in your LAN rules, meaning you may have to assign two rules and specify which gateway to use for the two different destinations.
in the rules section, click on Advanced, and scroll down and then specify which gateway.
this may help. we had a similar issue recently with our multi-wan setup.

Okay, that issue were going pretty weird already.

You can simply check your public IP by going to https://whatismyipaddress.com or something like that in the clients browser.

I've set up a VIP between my two BGP routers, and set upstream gateway to this VIP

@Raffi_ Yep, I've got it set up like that already.

@johnpoz The LAN subnet configuration was ok, because I changed it when I installed the pfsense (otherwise as you said before it would have overlapped ISP router’s LAN). Looks a lil strange to me that I didn’t find the problem. Maybe looking at the state table would have been a good idea but since I’ve solved it “the easy way” and the state table is now renewed it’s useless now to take a look at it. Thanks for the help by the way!

Cannot see any files. Just take screenshots of the modem gui pages

@brightwolf You can set a custom MAC address after you enable an interface.

screenshot673423.png

5th line down, under the specific interface settings screen.

Jeff

@dgilmour77 , I have the same problem with a configuration similar to yours. I cannot recall it for sure, but I think DynDNS worked OK in dual WAN prior to release 2.4. Pfsense documentation advises us to use GW groups as interfaces for DynDNS, but doing so has the effect you have described.

I wonder if something like that happens with dual WAN load balancing scenarios, i.e., although both WANs may be up, traffic will only flow through one of them.

BTW, as for the DynDNS situation, I am using the workaround suggested by @viragomann.