    Traffic through another wan, 2WAN 1LAN 1VLAN

      GDSF @viragomann

      @viragomann
      Thanks for helping me, friend. Will you not need to do some kind of NAT too?

      459a5aac-7562-4414-b56e-0c80353c3c98-image.png

        viragomann @GDSF

        @gdsf
        Cannot think of any use of NAT in this context. You're simply directing traffic out on a non-default WAN.
        You need for sure an outbound NAT rule on WAN2 when directing packets out. But since you said you're already successfully using WAN2 in the failover group, this should be given already.

          GDSF @viragomann

          @viragomann yes, in the failover group, if WAN1 goes offline WAN2 works fine.

          However, even configuring this VLAN as a default gateway on my WAN2, it continues with the public IP of WAN1.

            viragomann @GDSF

            @gdsf
            Go to Status > Gateways and check if the WAN2 gateway is online.

              GDSF @viragomann

              @viragomann yes :( if you want I can print other NAT or Firewall rules for you to have a better view

              b63ee64a-aee0-419a-944e-a5ccf8eb1862-image.png

                viragomann @GDSF

                @gdsf
                I'm not familiar with your language, but it seems to me that the status there says "not monitored".

                You have to enable gateway monitoring if using multiple WANs, otherwise the failover group doesn't work.

                  GDSF @viragomann

                  @viragomann It means that the link is up

                    viragomann @GDSF

                    @gdsf
                    Ok. Can you please post a screenshot of Status > Gateways as requested?

                      GDSF @viragomann

                      @viragomann here is the table

                      441d2e89-b750-45c3-8e2d-d405d2c5d5cb-image.png

                        viragomann @GDSF

                        @gdsf
                        Why are there commas in the monitoring IP?
                        I don't expect that this can be used.

                          GDSF @viragomann

                          @viragomann for some reason google translator put it, but when it left the native language it has dots

                            viragomann @GDSF

                            @gdsf
                            Google translator modifies a screenshot??

                            So the WAN2 gateway is online, but traffic still goes out on WAN1 from VLAN10, even though there is a policy routing rule. Or your outbound NAT doesn't work properly.

                            Can you post a screenshot of the outbound NAT page, please?

                              GDSF @viragomann

                              @viragomann I made an exit rule like this

                              9b7b0f71-7f83-4272-a554-38a8a65e171e-image.png

                              So this is the rule

                              c25d219a-7e7c-45c9-bd3c-bd29c4f2e9f3-image.png

                              And this is my Virtual IP rule

                              1c854bc2-7b09-47b2-a239-2582f40ac488-image.png

                                viragomann @GDSF

                                @gdsf said in Traffic through another wan, 2WAN 1LAN 1VLAN:

                                I made an exit rule like this

                                That's the wrong interface. It must be WAN2.

                                  GDSF @viragomann

                                  @viragomann I did that, it still didn't work, I have a doubt, does the VIP need to be /29?

                                    viragomann @GDSF

                                    @gdsf
                                    If you've got a /29 from the ISP you should set a /29 mask, of course.

                                    But whether that's really an issue depends on the gateway, whether it accepts packets from this IP.
                                    If the gateway responds to pings you can simply try it out in Diagnostics > Ping.
                                    You can select the VIP as source and send pings to the gw from it.

                                      GDSF @viragomann

                                      @viragomann Do you know if there's a way to find this out?

                                      I tried calling my provider but the service is terrible

                                      I got access to the router but I don't know if it's possible to discover the range, but it has the IP, gateway and DNS info

                                      I did a test on the https://who.is/whois/ site and it said that my range is /8

                                        viragomann @GDSF

                                        @gdsf said in Traffic through another wan, 2WAN 1LAN 1VLAN:

                                        Do you know if there's a way to find this out?

                                        As said, ping with source option. Try the gateway and a public IP like 8.8.8.8.
                                        You can capture the packets on WAN2 while pinging to see if pfSense uses the correct source.

                                          GDSF @viragomann

                                          @viragomann

                                          00845a5d-2057-4bdc-bd4d-b584489d8f76-image.png

                                          seems to have worked

                                            viragomann @GDSF

                                            @gdsf
                                            No, not this way. You have to state the VIP at source.
                                            Your WAN IP is a private one as shown above.
