Issues with Multi-Lan routing with Multi-Wan
-
So here's my setup…
I have changed the IP addresses obviously.
I have 3 LAN subnets.
192.168.0.0/21
192.168.8.0/21
10.0.0.0/24
So they're all connected into their own port on the pfsense box.
I have three WANs...
Let's say
172.16.0.30 with gateway 172.16.0.1
168.192.1.73 with gateway 168.192.1.78
72.140.210.2 with gateway 72.140.210.1
So I set up firewall rules allowing each LAN to go anywhere...
If I leave it like that all LANs can communicate with all services & have internet access.
However, the moment I group the WANs together nothing... Even if I set each LAN's allow-all-to-any rule to use the group, the LANs can no longer talk to each other. I'm not 100% sure if the other LANs have internet access, but it doesn't really matter since once I group the WANs the LANs lose all connections.
In my previous test setup when I created a group called MultiWAN i got a new tab in the firewall rules area called MultiWAN.
This time nothing... Does anyone have an idea of what I've done wrong? I'm sure it's blatantly obvious; I've just had too much stuff going on and can only mess around with this stuff after hours, after all the engineers have gone home. So I'm tired and I'm sure I'm missing something.
This isn't extremely crucial because internet & services are up, but would like to get the auto-wan failover back up.
Thanks!!
-
You need a rule above the others that passes traffic between local subnets and has the gateway left at "default" so it follows the system's routing table. Then under that would be your catch-all rule that has the gateway set to your load balancing/failover group.
-
Ok... So I have a floating rule that
Proto * Source 192.168.0.0/21 port * Destination * Port * Gateway *
And the same for my other networks… allowing the three subnets anywhere.
What do I need to add as a rule that has my gateway set as load balancing??
Do I create a rule saying source any with a destination of where? And set its gateway as my failover?
I didn't have any issues when I set this up before but like I said I had one LAN that was coming from a router that was doing the subnet routing. So I obviously need to add something in that I didn't before.
-
That rule isn't right, but there isn't enough information to really tell you what the right rule would be.
If you are using floating rules, rather than rules on each interface, it gets much more confusing to setup.
Either way you need two rules:
Pass any proto from <local subnets> to <local subnets> gateway <default>
Pass any proto from <local subnets> to <any> gateway <whatever gateway group you want>
The first rule bypasses the policy routing for the outbound load balancing/failover.
If you use floating rules, those should only be applied in the "in" direction on the internal interfaces.
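As an added illustration (not from any poster in this thread), here is a small model of pf-style first-match rule evaluation that shows why the rule order above matters. The subnets are the three LANs from the first post and the group name MultiWAN is the one the original poster used; the rule and gateway representation is a simplification, not pfSense's own format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# The three LAN subnets from the thread.
LOCAL_SUBNETS = [ip_network(n) for n in ("192.168.0.0/21", "192.168.8.0/21", "10.0.0.0/24")]


@dataclass
class Rule:
    src: Optional[list]   # list of networks, or None for "any"
    dst: Optional[list]   # list of networks, or None for "any"
    gateway: str          # "default" (system routing table) or a gateway-group name


def matches(nets, addr):
    """None means 'any'; otherwise the address must fall in one of the networks."""
    return nets is None or any(addr in n for n in nets)


def first_match(rules, src, dst):
    """Ordered pass rules: the first rule whose source and destination match wins."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if matches(r.src, s) and matches(r.dst, d):
            return r
    return None  # nothing matched: implicit deny


def next_hop(rules, src, dst):
    """Where the packet is sent: the routing table, a policy-routing group, or blocked."""
    r = first_match(rules, src, dst)
    if r is None:
        return "blocked"
    if r.gateway == "default":
        return "routing-table"   # follows the system routes, so LAN-to-LAN works
    return r.gateway              # policy routed out the WAN group regardless of dst


# Rule set like the one posted: one catch-all whose gateway is the WAN group.
# Inter-LAN traffic matches it and is pushed out a WAN instead of to the other LAN.
BROKEN = [Rule(LOCAL_SUBNETS, None, "MultiWAN")]

# Rule set as advised: local-to-local with gateway "default" placed above the catch-all.
FIXED = [
    Rule(LOCAL_SUBNETS, LOCAL_SUBNETS, "default"),
    Rule(LOCAL_SUBNETS, None, "MultiWAN"),
]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "LAN->LAN:", next_hop(rules, "192.168.1.10", "10.0.0.5"),
              "LAN->internet:", next_hop(rules, "192.168.1.10", "8.8.8.8"))
```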