Dude we already went over this.. And you showed it working. Are you trying to send different traffic somewhere else? You can not send traffic hitting your pfsense on IP port X to more than 1 place.. @anders-o said in Redirect incoming data to from an external IP to another external IP address destination.: Now it seems to be working. And yes, I had the wrong port which I believe was the root of the problem here. I facepalmed rather hard after realizing I had written the wrong port number. Now the log shows: 14:26:29.771406 IP 193.181.245.214.62668 > 51.174.x.x.10564: UDP, length 39 14:26:29.771426 IP 193.181.245.214.62668 > 3.122.x.x.10564: UDP, length 39 14:27:34.731419 IP 193.181.245.220.32867 > 51.174.x.x.10564: UDP, length 39 14:27:34.731441 IP 193.181.245.220.32867 > 3.122.x.x.10564: UDP, length 39 So I think it should work fine now right? If I don't get any data now on my cloud server then it should be an issue with my firewall on my cloud server?

There is no need for static routes. From LAN you should be able to access anything as long as you haven't changed the firewall rules. On the WLAN interface you have to add a pass rule to get access.

@toehl001 https://forum.netgate.com/topic/60600/gratuitous-arp-from-virtual-ips/17

there are more info here https://forum.netgate.com/topic/84269/multi-wan-gateway-failover-not-switching-back-to-tier-1-gw-after-back-online/86

thanks @viragomann works here!

If your not worried about them talking to each other, since you have any any rules - what is the point of multiple segments in the first place? ;)

Fixed it! Yes, I did assign a gateway, however I was confused when I assigned it, because I thought it was the gateway IP of my interface, not the gateway of the internet service IP. Such a silly mistake! Spent all night on it trying to figure it out.

[image: B9R8fL0.gif]

Pretty much comes down to usable subnet addresses -3 so a /29 on the interface has 3 addresses usable for HA services, a /28 has 11, /27 27, etc.

I was able to find a solution to this problem with the help of Netgate admin expert (@stephenw10) advice, the trick was to force Unbound to use "localhost" for outgoing queries. Unbound, when it is configured to operate via localhost outbound gateway would use only the gateway currently chosen by the system (i.e. dictated by the failover rules). This allowed me to completely eliminate unwanted unbound DNS/DNSSEC traffic via an expensive SIM-based failover link. See more details in the following thread: https://forum.netgate.com/topic/150176/php-shell-has-gatewaystatus-but-why-does-it-report-all-gateways-as-status-none

that is still not a route.. But sure if device answers (your modem) for an IP on your network then it would show in the mac address table. Here I tried pinging a bunch of different addresses in my /23 and you can see them now in my arp table, with the mac address of my modem. [image: 1581159820494-arptablemodem.jpg] If you had done some sort of scan of /22 then yeah you would of see mac address of your cable modem for all of the IPs.