    Very strange dual WAN behavior -> policy-based routing not working

    Category: Routing and Multi WAN (2 posts, 1 poster, 2.1k views)
    crtek wrote:

      Hi,
      this is my first post here,
      please be patient.

      My setup is as follows:
      WAN x.x.x.190/27
      WAN2 x.x.16.177/16
      I configured my pfSense following this howto http://doc.pfsense.org/index.php/MultiWanVersion1.2,
      -added CARP VIPs on my first WAN
      -created 1:1 NAT for my IPs
      -created a rule on the LAN so all of my servers leave via the correct gateway

      All works fine except that I cannot connect to my services from any IP from the second WAN.
      I can see the requests reaching my servers with tcpdump and in the firewall log,
      then entering the pfSense box (still tcpdump), but they do not leave the box. I can see all other packets leaving in the firewall logs but cannot see those.

      Thanks for helping
      [Attached screenshots: wan2.png, WAN_firewall.png, vips.png, pools.png, LAN_firewall.png, 11.png, aliases.png]

      crtek wrote:

        I solved my problem by putting a router before my WAN2 NIC.
        The problem seems to be policy-based routing versus the routing table.

        Even if I have a rule in my LAN tab on the firewall,
        Proto  Source    Port  Destination  Port  Gateway
        *      Notranji  *     *            *     x.x.x.161
        (Notranji is an alias for all my servers' internal IPs)

        all the traffic that should go to ISP2 is not routed by this policy but according to the routing table.
        Here is mine before putting the router in front of the WAN2 NIC:

        Internet:
        Destination        Gateway            Flags    Refs      Use  Netif Expire
        default            x.x.x.161          UGS         0      165    vr0
        x.x/16             link#1             UC          0        0    rl0
        x.x.0.1            00:90:1a:a0:14:01  UHLW        1     1533    rl0    121
        localhost          localhost          UH          0        0    lo0
        192.168.0          link#2             UC          0        0    re0
        192.168.0.3        00:01:6c:af:04:ed  UHLW        1      508    re0   1162
        192.168.0.21       00:17:08:37:a1:f3  UHLW        1    23638    re0   1176
        192.168.0.26       00:19:db:c8:68:a9  UHLW        1     7108    re0   1123
        192.168.0.27       00:18:8b:7e:e7:a3  UHLW        1    10306    re0   1199
        192.168.0.31       00:19:db:d5:aa:15  UHLW        1   375631    re0    898
        192.168.0.40       00:1d:92:01:f4:f7  UHLW        1     2617    re0    932
        192.168.0.52       00:01:6c:3c:fd:12  UHLW        1      803    re0   1176
        192.168.0.86       00:0f:fe:3f:02:5c  UHLW        1     7580    re0    955
        192.168.0.90       00:13:d3:d6:55:bb  UHLW        1    19875    re0   1195
        192.168.1          link#3             UC          0        0    re1
        192.168.1.3        00:14:2a:2b:0b:cb  UHLW        1     4439    re1    949
        192.168.1.5        00:11:5b:ef:6e:6f  UHLW        1     9650    re1    969
        192.168.1.132      00:12:a9:56:1a:76  UHLW        1     3830    re1   1134
        192.168.1.137      00:13:e8:75:3c:79  UHLW        1     6254    re1   1196
        192.168.1.148      00:16:ce:20:10:44  UHLW        1    24456    re1   1101
        192.168.1.150      00:18:de:0f:9c:1c  UHLW        1      542    re1   1119
        x.x.x.160/27       link#4             UC          0        0    vr0
        x.x.x.161          link#4             UHLW        2     2923    vr0
        x.x.x.162          x.x.x.162          UH          0        0  carp0
        x.x.x.163          x.x.x.163          UH          0        0  carp1
        x.x.x.164          x.x.x.164          UH          0        0  carp2
        x.x.x.165          x.x.x.165          UH          0        0  carp3

        (The x.x/16 entry on rl0 is where all my traffic is routed to the WAN2 gateway, but according to my LAN rule it should go to the WAN1 gateway.)

        Is there another way to solve this,
        because I'm planning to have some more IPs from the other ISP?
        Thanks

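The reason the router in front of WAN2 fixed this is visible in the routing table, not in the LAN rule: a `route-to` policy rule only takes effect when it matches, and for packets it does not cover the kernel picks the most specific prefix, so the directly connected `x.x/16` on rl0 always beats `default` via x.x.x.161. Shrinking the connected network to a small transit subnet takes the rest of the /16 out of that match and lets it fall through to the default route. The following is an added example (not code from the post or from pfSense) that replays that longest-prefix match over a constructed stand-in for the table above, before and after the fix. The addresses are invented: 203.0.113.160/27 plays the WAN1 /27 on vr0 (gateway .161), 10.77.0.0/16 plays the WAN2 /16 on rl0, and 10.77.16.176/30 is an assumed transit net for the router placed in front of WAN2. The `route_to` parameter models what pf does when a policy-routing rule with a gateway actually matches; pfSense's automatically generated negate rules exempt traffic to directly connected networks from such rules, which is consistent with what the poster observed.

```python
"""Longest-prefix match over a FreeBSD-style routing table, before and after
a router is placed in front of the WAN2 NIC.

Constructed example: the addresses stand in for the redacted x.x values in
the post. 203.0.113.160/27 plays the WAN1 /27 on vr0 (gateway .161) and
10.77.0.0/16 plays the WAN2 /16 on rl0. Only the Destination, Gateway and
Netif columns of `netstat -rn` are modelled, and destinations are written
as full CIDR prefixes instead of netstat's abbreviated "192.168.0" form.
"""
import ipaddress

# Before: WAN2's whole /16 is directly connected on rl0 (the "UC" link# row).
TABLE_BEFORE = """\
default           203.0.113.161  UGS  vr0
10.77.0.0/16      link#1         UC   rl0
192.168.0.0/24    link#2         UC   re0
192.168.1.0/24    link#3         UC   re1
203.0.113.160/27  link#4         UC   vr0
"""

# After: an assumed router on a /30 transit net sits in front of rl0, so only
# that /30 is directly connected and the rest of 10.77.0.0/16 falls through
# to the default route.
TABLE_AFTER = """\
default           203.0.113.161  UGS  vr0
10.77.16.176/30   link#1         UC   rl0
192.168.0.0/24    link#2         UC   re0
192.168.1.0/24    link#3         UC   re1
203.0.113.160/27  link#4         UC   vr0
"""


def parse_routes(text):
    """Parse the table into (network, next_hop, netif); "direct" marks a
    connected network (netstat shows those with a link# gateway)."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, gw, _flags, netif = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest,
                                   strict=False)
        next_hop = "direct" if gw.startswith("link#") else gw
        routes.append((net, next_hop, netif))
    return routes


def kernel_lookup(dest, routes):
    """The kernel's decision: the most specific prefix containing dest wins,
    so a connected /16 always beats the /0 default route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, next_hop, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, netif)
    return best


def egress(dest, routes, route_to=None):
    """Return (netif, next_hop) for a packet to dest.

    route_to models pf's route-to target on a matching LAN rule: when a rule
    with a gateway matches, pf forwards to that (netif, gateway) without
    consulting the routing table. When no such rule applies (route_to=None)
    the kernel's longest-prefix match decides.
    """
    if route_to is not None:
        return route_to
    _net, next_hop, netif = kernel_lookup(dest, routes)
    return (netif, next_hop)


if __name__ == "__main__":
    wan1 = ("vr0", "203.0.113.161")
    for label, table in (("before", TABLE_BEFORE), ("after", TABLE_AFTER)):
        routes = parse_routes(table)
        print(label, "reply to 10.77.3.4 with no policy match ->",
              egress("10.77.3.4", routes))
    print("any table, LAN rule matched ->",
          egress("10.77.3.4", parse_routes(TABLE_BEFORE), route_to=wan1))
```

Run as a script it prints the egress for a reply to a host inside the WAN2 /16 in both tables: with the /16 directly connected the packet leaves rl0 with no gateway, after the router is inserted it goes to vr0 via 203.0.113.161, and a matching `route-to` rule would have sent it to WAN1 either way. The practical check on a real box is `netstat -rn` for the connected prefixes plus `pfctl -sr | grep route-to` to confirm which rules actually carry a gateway.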
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.