Netgate Discussion Forum

    different clients go through different gateways

    Routing and Multi WAN
    14 Posts 3 Posters 1.2k Views
      heliop100 @The Party of Hell No

      @The-Party-of-Hell-No said in different clients go through different gateways:

      @heliop100
      did you get this to work?

      Not yet.

        viragomann @heliop100

        @heliop100
        So verify your filter rules. How did you set them up?

          heliop100 @viragomann

          @viragomann

          The rules assign specific gateways for specific sources, but all connections only go through the default gateway.

          Thanks

          rules.jpg

            viragomann @heliop100

            @heliop100
            So you say all involved gateways are shown as online in Status > Gateways, but the policy routing rules are not obeyed?

            I'd expect that all policy routing rules which show hits here directed the packets to the stated gateway, though:
            071b54b1-2bad-4111-999b-1fb8f595cdfb-grafik.png

            But maybe you have rules added, which are overriding these? Could be floating rules or ones on an interface group.

            To investigate, enable logging in all your pass rules; you should also state a description for reference. Then try your outbound connections and check in the filter log which rule was passing the traffic.

            Consider flushing the states beforehand.

              The Party of Hell No @viragomann

              @viragomann I assume in your rules you have clicked on advanced and chosen the gateway in the drop-down menu you want that rule to go out on?

                heliop100 @The Party of Hell No

                @The-Party-of-Hell-No said in different clients go through different gateways:

                @viragomann I assume in your rules you have clicked on advanced and chosen the gateway in the drop-down menu you want that rule to go out on?

                yes

                  heliop100 @heliop100

                  @heliop100

                  @viragomann said in different clients go through different gateways:

                  To investigate, enable logging in all your pass rules; you should also state a description for reference. Then try your outbound connections and check in the filter log which rule was passing the traffic.

                  I did that and it was a handy tip.

                  I made some changes to the rules, from TCP to ANY, and checked some IPs that are in more than one ALIAS.

                  Checking the gateway using tracert 8.8.8.8, it is still always going through the pfSense default gateway.

                  But checking using https://www.showmyip.com/, the gateway on the rules seems correct.

                  Thanks.

                    The Party of Hell No @heliop100

                    @heliop100 So have you created NAT outbound rules allowing the LAN segments to go out the different gateways?

                      heliop100 @The Party of Hell No

                      @The-Party-of-Hell-No

                      No outbound NAT, only LAN rules.

                      rules.jpg

                        The Party of Hell No @heliop100

                        @heliop100 I think you have to give permission - route - to the LAN segment to go out each of the gateways. This is done under firewall, NAT, Outbound. Usually it is recommended before adding rules to select manual then save. Then start adding rules for routing.
                        Untitled.jpg
