Netgate Discussion Forum
    Chosen Gateway Ignored

    Category: Firewalling

    meluvalli (original post):

      I have two internet providers coming into pfSense.

      I have one named WAN and the other named WIN_NW_SHARE.

      I have a rule under FIREWALL/RULES/LAN

      Simple rule... If you are trying to get to destination 8.8.8.8, use WIN_NW_SHARE! Everything else, use WAN.

         Protocol: IPv4
         Source: *
         Port: *
         Destination: 8.8.8.8
         Port: *
         Gateway: WIN_NW_SHAREGW
      

      Problem:
      This works if both connections are up and running. However, if for whatever reason WIN_NW_SHARE goes down, it then routes the traffic into WAN! WHY?????!!!!!! I have a RULE that states to use WIN_NW_SHARE! The traffic should just FAIL. Example: ping 8.8.8.8 should request time out! It doesn't! Instead it decides to use WAN!

      I tried creating another rule right under it with a REJECT action, thinking it was just skipping this rule, but this doesn't fix the problem either.

      Why would it just randomly select a different gateway if the chosen gateway fails? I also forgot to mention, I have selected "Disable Gateway Monitoring" and "Disable Gateway Monitoring Action" on the WIN_NW_SHAREGW. Nothing works!

      johnpoz (LAYER 8 Global Moderator), replying to @meluvalli:

        @meluvalli You probably want to set up a kill switch, like users do when their VPN goes down.

        What do you have for this setting?

        [image: mis.jpg (screenshot of the setting under System > Advanced > Miscellaneous)]

        I believe when the gateway goes down, it leaves the rule without the gateway set. So it would just use the default gateway in this case. It is in Advanced, Misc.

        I have never bothered to look into a kill switch, but I have seen many a post about it. If you google "pfsense kill switch" I'm sure you'll find some info.

        I believe one way is to tag the traffic and use an outbound rule that matches on the tag to block it going out normally. I have never given it much thought, since I have zero use for it.

        But if your rule that policy routes traffic out gateway X also tags the traffic, and you have an outbound rule that prevents tagged traffic from going out gateway Y, that should work in theory. Because by default, if a gateway is down, the rule is still there, just not with a gateway set on it for your policy route.

        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        SteveITS (Rebel Alliance), replying to @meluvalli:
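        To make the mechanism johnpoz describes concrete, here is an added example (not pfSense's own code, and not from anyone in this thread): a small Python model of how the LAN ruleset is regenerated when WIN_NW_SHAREGW is marked down, under the default behaviour and with "Skip rules when gateway is down" enabled, plus the tag-based kill switch he sketches. The interface names (lan, wan, win_nw_share), the default gateway name WANGW and the tag name WIN_ONLY are assumptions for the illustration; the rendered pf syntax is hand-written for comparison against `pfctl -sr` output, not pfSense's exact generated text.

```python
"""Model of pfSense policy-route behaviour when a gateway is marked down.

Added example, not pfSense code. It mirrors what the thread describes:
a LAN rule with a gateway set, that rule losing its gateway when the
gateway is down (default), the "Skip rules when gateway is down" option
(rule omitted instead), and a tag-based kill switch on the WAN side.
Interface names, gateway names and the tag name are assumed.
"""
from dataclasses import dataclass
from typing import Optional

DEFAULT_GATEWAY = "WANGW"  # assumed: the system default route points at WAN
GATEWAY_IFACE = {"WANGW": "wan", "WIN_NW_SHAREGW": "win_nw_share"}  # assumed


@dataclass
class Rule:
    action: str                    # "pass" or "reject"
    dst: str                       # destination address, or "any"
    gateway: Optional[str] = None  # policy-route gateway; None = system routing
    tag: Optional[str] = None      # pf tag applied to matching traffic


# The LAN ruleset from the thread: policy-route 8.8.8.8, then the OP's
# follow-up reject rule, then the catch-all that uses the default route.
LAN_RULES = [
    Rule("pass", "8.8.8.8", gateway="WIN_NW_SHAREGW", tag="WIN_ONLY"),
    Rule("reject", "8.8.8.8"),
    Rule("pass", "any"),
]


def compile_lan_rules(rules, gateway_up, skip_when_down):
    """What the ruleset looks like after pfSense regenerates it.

    A rule whose gateway is down is either dropped (skip_when_down=True,
    the System > Advanced > Miscellaneous option) or kept with the gateway
    removed (the default). The tag survives in both cases.
    """
    out = []
    for r in rules:
        if r.gateway is not None and not gateway_up.get(r.gateway, False):
            if skip_when_down:
                continue
            r = Rule(r.action, r.dst, None, r.tag)
        out.append(r)
    return out


def evaluate(rules, dst, wan_block_tag=None):
    """First-match (quick) evaluation on LAN, then the WAN outbound filter.

    Returns "reject", "blocked-on-wan", or the name of the egress gateway.
    wan_block_tag models a rule 'block out quick on wan tagged <tag>'.
    """
    for r in rules:
        if r.dst not in ("any", dst):
            continue
        if r.action == "reject":
            return "reject"
        gw = r.gateway or DEFAULT_GATEWAY
        if wan_block_tag and r.tag == wan_block_tag and GATEWAY_IFACE[gw] == "wan":
            return "blocked-on-wan"
        return gw
    return "reject"  # nothing matched: default deny


def render_pf(rules):
    """Illustrative pf syntax for the compiled LAN rules (hand-written)."""
    lines = []
    for r in rules:
        head = "pass in quick on lan" if r.action == "pass" else "block return in quick on lan"
        parts = [head, "inet from any to", r.dst]
        if r.gateway:
            parts.append(f"route-to ({GATEWAY_IFACE[r.gateway]})")
        if r.tag:
            parts.append(f"tag {r.tag}")
        if r.action == "pass":
            parts.append("keep state")
        lines.append(" ".join(parts))
    return lines


def outcome(gateway_up, skip_when_down, kill_switch=False):
    """Where a new connection to 8.8.8.8 ends up under the given settings."""
    state = {"WANGW": True, "WIN_NW_SHAREGW": gateway_up}
    compiled = compile_lan_rules(LAN_RULES, state, skip_when_down)
    return evaluate(compiled, "8.8.8.8", "WIN_ONLY" if kill_switch else None)


if __name__ == "__main__":
    for up, skip, ks in [(True, False, False), (False, False, False),
                         (False, True, False), (False, False, True)]:
        print(f"gateway_up={up} skip={skip} kill_switch={ks} -> {outcome(up, skip, ks)}")
    print("\n".join(render_pf(compile_lan_rules(
        LAN_RULES, {"WANGW": True, "WIN_NW_SHAREGW": False}, False))))
```

        Running it shows the four cases side by side: gateway up, the traffic goes out WIN_NW_SHAREGW; gateway down with the option off, the 8.8.8.8 pass rule stays in place without route-to, so it still matches before the reject rule and the traffic follows the default route out WAN (the OP's complaint); gateway down with the option on, the rule is omitted and the reject rule is reached; and with the tag approach the stripped rule's traffic is blocked on the WAN side even with the option off, because the tag is still applied. On a real box, `pfctl -sr | grep 8.8.8.8` is the quick check for whether the loaded rule still carries its route-to.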

          @meluvalli can you show your two rules?

          https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#enforcing-gateway-use

          meluvalli, replying to @johnpoz:

            @johnpoz

            I think you hit it on the nail! "Skip rules when gateway is down" sounds like exactly what I need. If I enable this, then it should go to my next rule, which is to block the traffic altogether :)

            Thank you @johnpoz

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.