Access to the internet
-
Yes, you can do that with policy-based routing. Use firewall rules to direct traffic from particular subnets or VLANS to specific WANs. I can't provide specific guidance since I odn't have this configuration to play with. Search these forums and online for policy-based routing info.
-
@KOM:
Yes, you can do that with policy-based routing. Use firewall rules to direct traffic from particular subnets or VLANS to specific WANs. I can't provide specific guidance since I odn't have this configuration to play with. Search these forums and online for policy-based routing info.
Thanks KOM I'll search that
-
https://doc.pfsense.org/index.php/What_is_policy_routing
And you'll need this for traffic between your VLANs:
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
-
That policy-based routing page is practically useless without some examples and I never link to it because of that.
-
Oh well. We have the documentation we have.
-
hi everyone
I found some detail about policy-based routing and did some changes but It didn't work for me.
Now what I want to do is -
users is VLAN 1 (network 10.238.56.0) give access to internet through WAN1
users is VLAN 2 (network 10.238.59.0) give access to internet through WAN2what I did in pfsense -
system–>gateways-->
1.create 2 gateways for my 2 WANs
2.create a gateway for my LAN
3.WAN1 is selected as default
4.routes added to my 2 networks
10.238.56.0
10.238.59.0
5.no gateway groups addedFirewall–> Rules-->LAN
1.added 2 rules for my 2 networks
Eg- LAN 1
Action - pass
Interface - LAN
Protocol - TCP
Source - type - network
address - 10.238.56.0/24
destination - type - single host or alias/network/wan1 net/wan1 address/wan2 net/wan2 address
address -
advance features –> Gateway - WAN1Eg- LAN 2 same as above
please can anyone tell me
1. what is the suitable for
destination - type - single host or alias/network/wan1 net/wan1 address/wan2 net/wan2 address
2.is that need to add rules for WAN1 and WAN2 in Firewall--> Rules
-
1. For internet access the destination should be any.
You should also be passing IPv4 any protocol, not just TCP.
2. You don't need any rules on WAN1 or WAN2 unless you want to pass connections FROM the internet INTO pfSense (you are running servers that internet users need to access).
-
1. For internet access the destination should be any.
You should also be passing IPv4 any protocol, not just TCP.
2. You don't need any rules on WAN1 or WAN2 unless you want to pass connections FROM the internet INTO pfSense (you are running servers that internet users need to access).
thanks Derelict for your quick response.. now I changed like you said but still both networks using same gateway for access to the internet
what about floating rules is that necessary??
-
No.
Firewall–> Rules-->LAN
1.added 2 rules for my 2 networks
Eg- LAN 1
Action - pass
Interface - LAN
Protocol - TCP
Source - type - network
address - 10.238.56.0/24
destination - type - single host or alias/network/wan1 net/wan1 address/wan2 net/wan2 address
address -
advance features --> Gateway - WAN1Eg- LAN 2 same as above
Can you do screenshots of both Firewall > Rules pages for both LAN interfaces? Both System > Routing > Gateways?
-
yes I can
-
-
Might be just me but those are mostly too low-resolution to read.
-
sorry
-
What's LANGW, a gateway group?
-
-
Yeah those images aren't any good either. Just attach the images using the attachment tool in the forum posting form. Works great. Not sure why people insist on doing something else.
-
Nope. Still just thumbnails for me. Dont have time to deal with why multiple browsers don't display postimg correctly. Post them so people can see them.
![Screen Shot 2015-08-30 at 12.33.21 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-30 at 12.33.21 AM.png)
![Screen Shot 2015-08-30 at 12.33.21 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-08-30 at 12.33.21 AM.png_thumb) -
Not for me they're not. Even after clearing cache 4 of 5 are still thumbnails.
![Screen Shot 2015-08-30 at 12.43.51 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-30 at 12.43.51 AM.png)
![Screen Shot 2015-08-30 at 12.43.51 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-08-30 at 12.43.51 AM.png_thumb) -
Current Firefox, Current Safari, Current Chrome. Dude needs to post so people can read it.
-
No proxies, bro. (IE11 in a Windows 7 VM for good measure. Same result. Images 1,3,4,5 thumbnails. 2 is legible.)
Unless it's ISP shenanigans but that would be a first here.
Same results on Firefox and IE on Windows 7 VM in a datacenter on a completely different ISP. Maybe it's you who needs to force-reload.
-
Are you having your days, or what? Get some sanitary products, perhaps, and go vent those issues elsewhere. Images re-attached for convenience of Mr. Derelict Asshole.
-
I'll be sure to include quotes next time so you can't delete the context when you're proven to be going off in your typical abrasive fashion but are totally wrong.
NOTHING pisses me off more than being told I'm wrong by some nonsensical blowhard when I know (and can prove) I'm right.
-
Ugh. So OP is trying to MultiWAN by using two different IP subnets on the same LAN segment. Instead of laying into me why don't you lay into that in your usual manner.
Or is there an L3 switch/downstream router we weren't told about?
OP what is LANGW?
-
Ugh. So OP is trying to MultiWAN by using two different IP subnets on the same LAN segment. Instead of laying into me why don't you lay into that in your usual manner.
Or is there an L3 switch/downstream router we weren't told about?
OP what is LANGW?
yes there is L3 switch and routing between these networks are working fine.
10.238.81.0 network that pfsense server exist
10.238.56.0 users VLAN1
10.238.59.0 users VLAN2LANGW is LAN network (10.238.81.0) that pfsense server exist