Default gateway with many LANs and multi-WAN
-
Hm, I am wondering why you will not be using the load balancing mode and go with the failover mode instead!? If you configure load balancing you get both variants in one solution, please correct me if I am wrong! If you set up both WAN ports and also policy based routing and then one WAN line fails, the entire load will be pushed over the other WAN interface, but if both WAN interfaces are up, you profit from them both also.
-
This can be interesting… but can I choose (for some rules) to force a specific gw? For example I need to route the smtp traffic to my smtp provider by a specific interface, not from both.
-
yes, firewall rules work from TOP–>DOWN (first match wins)
so this would work:
1) source:any destination:smtp gateway: isp1
. . .
5) source any destination:any gateway: loadbalance_gw
this would not get the correct result:
. . .
5) source any destination:any gateway: loadbalance_gw
6) source:any destination:smtp gateway: isp1
-
If I understand, the loadbalancer is a good idea, but this does not solve the problem: I need to set all routes LAN to LAN with "default" as gateway setting to let pfSense use the default routing table.
-
> If I understand, the loadbalancer is a good idea, but this does not solve the problem: I need to set all routes LAN to LAN with "default" as gateway setting to let pfSense use the default routing table.

This depends on what kind of way you are using the load balancing mode.
- policy based routing
- service based routing
- session based routing
Would be the most common way to realize it clean and stable.
-
Thank you… I will check for it
-
> If I understand, the loadbalancer is a good idea, but this does not solve the problem: I need to set all routes LAN to LAN with "default" as gateway setting to let pfSense use the default routing table.

you just need to prevent traffic from LAN1 –> LAN2 from going over the loadbalancer, right?
- create an alias that includes ALL your LAN subnets
- add on the lan1/2/3 a firewall rule on TOP that states: source:any | destination: your_alias | gateway: *
-
I may set the loadbalancer for all destinations NOT in this local-subnets alias? Am I right?
-
yes, that would work also.
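
The first-match ordering and the local-subnets alias rule discussed above, modelled as an added example (not written by any poster and not pfSense code). The subnets, addresses, and the reading of "smtp" as destination port 25 are assumptions; `shadowed` is a hypothetical audit helper that lists rules an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
# Constructed alias holding every LAN subnet (addresses are made up).
LOCAL_SUBNETS = (ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24"))


@dataclass(frozen=True)
class Rule:
    dst: tuple            # destination networks
    port: Optional[int]   # None means any destination port
    gateway: str          # "default" = routing table (the "*" gateway in the thread)

    def matches(self, dst_ip, dst_port):
        in_dst = any(ip_address(dst_ip) in net for net in self.dst)
        return in_dst and self.port in (None, dst_port)

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        nets = all(any(o.subnet_of(n) for n in self.dst) for o in other.dst)
        return nets and self.port in (None, other.port)


def gateway_for(rules, dst_ip, dst_port):
    """Walk the rules top-down and return the first matching rule's gateway."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.gateway
    return None


def shadowed(rules):
    """Rules that can never fire because a single earlier rule covers them."""
    return [r for i, r in enumerate(rules) if any(e.covers(r) for e in rules[:i])]


LOCAL = Rule(LOCAL_SUBNETS, None, "default")
SMTP = Rule((ANY,), 25, "isp1")                 # assumption: "smtp" = TCP port 25
BALANCE = Rule((ANY,), None, "loadbalance_gw")

GOOD = [LOCAL, SMTP, BALANCE]   # specific rules above the catch-all
BAD = [BALANCE, SMTP, LOCAL]    # catch-all on top shadows everything below it

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, gateway_for(rules, "203.0.113.25", 25),
              gateway_for(rules, "192.168.2.10", 445),
              [r.gateway for r in shadowed(rules)])
```

With the catch-all on top, both the SMTP rule and the LAN-to-LAN rule are reported as shadowed, which is the misordering the thread warns about.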
-
> This can be interesting… but can I choose (for some rules) to force a specific gw? For example I need to route the smtp traffic to my smtp provider by a specific interface, not from both.

I do this because I have one WAN interface with static IPs and the other is DHCP. Spamhaus blocks SMTP from my ISP's DHCP block (for obvious reasons), so I need to force traffic from that server out the one interface. This is the rule I have in place to do that (see attached).
The server is on the LAN which has a different default gateway, and WAN2GW has the static assignment. So I created a rule that says all outgoing traffic must use that gateway. Works like a charm.
![Screen Shot 2015-07-17 at 6.25.58 PM.png](/public/imported_attachments/1/Screen Shot 2015-07-17 at 6.25.58 PM.png)