Policy-based routing not working: traffic is not forwarded to the specified gateway and always goes to the default GW
-
By default Windows tracert uses ICMP, and both Mac OS X and Linux traceroute use UDP.
So if you are running traceroute on Windows, your rules don't apply.
-
That rule is TCP/UDP only; you may want 'any' there, as Heper said.
The traffic may be matched by another rule first. That rule must be above any other rules that might pass it on the LAN2 tab. Also check for floating rules and interface groups which are both processed first.
There may have been an open firewall state for that traffic via WAN1 when you tested. Make sure to clear the states between tests if you add new rules.
Steve
-
Hi Guys,
I cannot make this thing work. I've tried your suggestion, setting protocol to any. I even reset the states and tried restarting the appliance, but still all the traffic is forwarded to the default WAN.
Any other ideas or suggestions?
Thank you,
-
Post screen shots of your LAN rules and your gateway group configuration.
-
On that setup, even though the PRESIDENT net gateway is set to use the WAN_DHCP, as per testing and checking it is still using the WAN2GW, which is my default gateway.
-
Very unlikely, if not impossible. Something is not how it seems.
-
@derelict Tell me what is wrong. Thanks.
-
Not sure based on the information at hand. Have you messed about with floating rules?
-
@derelict I don't have floating rules configured.
-
Chat the contents of /tmp/rules.debug to me then. And please specify exactly how you are testing. Source IP address, dest IP address, method of testing.
Execute
cat /tmp/rules.debug
in Diagnostics > Command Prompt and copy/paste the output.
-
@derelict dude, I sent you the rules.debug dump. Let me know if you find the resolution. Thank you.
-
You have WAN, WAN1, and WAN2 defined. You are policy routing PRESIDENT out WAN, not WAN1. You stated you have two WANs but there are three. What, exactly, are you trying to do?
GWWAN1GW = " route-to ( lagg0.101 X.X.X.225 ) "
GWWAN2GW = " route-to ( lagg0.102 Y.Y.Y.113 ) "
GWWAN_DHCP = " route-to ( lagg0.4090 192.168.1.1 ) "
pass in quick on $PRESIDENT $GWWAN_DHCP inet from 10.10.8.0/24 to any tracker 1531493401 keep state label "USER_RULE"
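As a way to read a rules.debug dump like the one quoted in this reply, here is an added example (not from the thread, and not pfSense code) that resolves each pass rule's gateway macro to its egress interface and next hop, and reports whether the rule matches all protocols (so ICMP from a Windows tracert would hit it) or only the listed ones. The sample text is constructed from the excerpt above, with a second TCP/UDP-only rule without a gateway macro added for contrast.

```python
import re

# Constructed sample in the shape of the /tmp/rules.debug excerpt quoted above
# (X.X.X / Y.Y.Y are placeholders, as in the post). The second pass rule is an
# added, constructed TCP/UDP-only rule with no gateway macro for comparison.
RULES_DEBUG = """\
GWWAN1GW = " route-to ( lagg0.101 X.X.X.225 ) "
GWWAN2GW = " route-to ( lagg0.102 Y.Y.Y.113 ) "
GWWAN_DHCP = " route-to ( lagg0.4090 192.168.1.1 ) "
pass in quick on $PRESIDENT $GWWAN_DHCP inet from 10.10.8.0/24 to any tracker 1531493401 keep state label "USER_RULE"
pass in quick on $PRESIDENT inet proto { tcp udp } from 10.10.8.0/24 to any tracker 1531493402 keep state label "USER_RULE"
"""

# GW macro definition: name = " route-to ( interface next-hop ) "
GW_RE = re.compile(r'^(\w+)\s*=\s*"\s*route-to\s*\(\s*(\S+)\s+(\S+)\s*\)\s*"')
# Interface pass rule as written into rules.debug by the pfSense GUI
PASS_RE = re.compile(
    r'^pass\s+in\s+quick\s+on\s+\$(\w+)\s+'   # interface macro
    r'(?:\$(GW\w+)\s+)?'                       # optional gateway macro (policy routing)
    r'(?:inet6?\s+)?'                          # address family
    r'(?:proto\s+(\{[^}]*\}|\S+)\s+)?'         # optional protocol list
    r'from\s+(\S+)\s+to\s+(\S+)')

def parse_gateways(text):
    """Map each GW macro name to (egress interface, next hop)."""
    return {m.group(1): (m.group(2), m.group(3))
            for m in map(GW_RE.match, text.splitlines()) if m}

def policy_routes(text):
    """Describe each pass rule: what it matches and where it sends the traffic."""
    gws = parse_gateways(text)
    rules = []
    for line in text.splitlines():
        m = PASS_RE.match(line)
        if not m:
            continue
        iface, gw, proto, src, dst = m.groups()
        egress, nexthop = gws.get(gw, (None, None))
        rules.append({
            "interface": iface, "src": src, "dst": dst,
            # no proto keyword means every protocol, ICMP included
            "proto": proto.strip("{} ") if proto else "any",
            "gateway": gw, "egress": egress, "next_hop": nexthop,
        })
    return rules

if __name__ == "__main__":
    for r in policy_routes(RULES_DEBUG):
        where = (f"route-to {r['egress']} via {r['next_hop']} ({r['gateway']})"
                 if r["gateway"] else "default gateway (no route-to)")
        print(f"{r['interface']}: {r['proto']} {r['src']} -> {r['dst']}: {where}")
```

Running it against a real dump (paste the output of `cat /tmp/rules.debug` into RULES_DEBUG) shows at a glance which rule on the interface carries the route-to and which protocols it covers.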
-
@derelict thanks for looking at it. Policy routing is not working. As you can see, the PRESIDENT, although on policy, is set to WAN. But on the contrary it still uses WAN2, which is the default gateway. What I want is to make that work.
-
@derelict all is working on my pfSense setup except the policy routing.
-
What WANs are supposed to be active? You have WAN, WAN1 and WAN2, but you said you only have 2 WANs. I think you need to delete the WAN gateway and policy route to WAN1 instead. But I'm kind of just guessing, because you seem to not be reading what I am saying.
In other words, change the policy routing on PRESIDENT to GWWAN1GW instead of GWWAN_DHCP and test again.
-
@derelict my friend, all of those are active. Yeah, at the start of the topic I mentioned 2 WANs, but I just summarized my issue so it's more direct. But now I have shown you the real scenario.
So what I wanted is to have that PRESIDENT VLAN use the WAN as its gateway.
-
And WAN1 I'm using for my web and outside communication. WAN and WAN2 are for surfing.
-
Just for testing, I used WAN1 for the PRESIDENT gateway before, but it's still the same; it did not work either.
-
And that is what it will do. Not sure what you are doing wrong. Maybe a testing flaw.
Policy routing pretty much just works.
What is the source IP address you are testing from? How are you testing?
Are you getting any alerts at the top of the dashboard that the filter rules can't load or anything?