different clients go through different gateways
-
@viragomann said in different clients go through different gateways:
@heliop100
Ensure that both gateways are shown as online in Status > Gateways. Probably one doesn't reply to ping and is treated as offline. In this case, either change the monitoring IP in the gateway settings to another public one which does respond, or disable gateway monitoring if you don't need it for failover of certain traffic.
Hi, both are online and working fine.
-
@The-Party-of-Hell-No said in different clients go through different gateways:
@heliop100
did you get this to work?
Not yet.
-
@heliop100
So verify your filter rules. How did you set them up?
-
The rules assign specific gateways for specific sources, but all connections only go through the default gateway.
Thanks
-
@heliop100
So you say all involved gateways are shown as online in Status > Gateways, but the policy routing rules are not obeyed? I'd expect that all policy routing rules which show hits here directed the packets to the stated gateway though:
But maybe you have rules added, which are overriding these? Could be floating rules or ones on an interface group.
To investigate, enable logging in all your pass rules; you should also state a description for reference. Then try your outbound connections and check in the filter log which rule was passing the traffic.
Consider flushing the states beforehand.
-
@viragomann I assume in your rules you have clicked on advanced and chosen the gateway in the drop-down menu you want that rule to go out on?
-
@The-Party-of-Hell-No said in different clients go through different gateways:
@viragomann I assume in your rules you have clicked on advanced and chosen the gateway in the drop-down menu you want that rule to go out on?
yes
-
@viragomann said in different clients go through different gateways:
To investigate, enable logging in all your pass rules; you should also state a description for reference. Then try your outbound connections and check in the filter log which rule was passing the traffic.
I did that and it was a handy tip.
I made some changes to the rules, from TCP to ANY, and checked some IPs that are in more than one ALIAS.
Checking the gateway using tracert 8.8.8.8, it is still always going through the pfSense default gateway.
But checking using https://www.showmyip.com/, the gateway on the rules seems correct.
Thanks.
-
@heliop100 So have you created NAT outbound rules allowing the LAN segments to go out the different gateways?
-
No outbound NAT, only LAN rules.
-
@heliop100 I think you have to give permission - route - to the LAN segment to go out each of the gateways. This is done under firewall, NAT, Outbound. Usually it is recommended before adding rules to select manual then save. Then start adding rules for routing.