    Multi LAN & WAN Routing woes

      Daeta last edited by

      Hello and thank you for reading.

      I have a network with 3 physical LAN networks and we just had our 2nd physical WAN connection installed.

      I need to do the following.  I could go over everything I did but I think that will just confuse the situation.

      So, here's what I need to do.
      10.10.x.x/16   <lan_1>
      10.15.x.x/16   <lan_2>
      10.20.x.x/16   <lan_3>
      33.44.55.66   <wan_1>
      77.88.99.00   <wan_2>

      Routing as follows

      LAN 1&3::   need to talk to each other

      LAN 2&3::   need to talk to each other

      LAN 1&2::   Need to use WAN_1 for internet and fail-over to WAN_2

      LAN 3::   Needs to use WAN_2 for internet and fail-over to WAN_1

      I've tried several configurations that others have done w/ good ole Google…  But, none of them are exactly what my case is.

      The best I have been able to do is set up 'Gateway Groups' and assign them to the firewall rule.  I was then able to get traffic out the WAN interface I needed but then I couldn't get to my other LAN networks.  I was able to verify via a trace route that I was going out the correct interface.  Although the throughput was horrible.  (Averaging 10% of the allowable bandwidth for the link.  Testing with my laptop verified that I was able to get full bandwidth)

      I'm guessing I am missing something with regards to routing.  Any assistance would be greatly appreciated.

      Cheers!

        Derelict LAYER 8 Netgate last edited by

        You need to bypass policy routing when you set the gateway groups. That means, for instance, a pass rule on LAN_1 that passes traffic to LAN_3 that does not set a gateway (meaning it's set to the default gateway).

        After that you can place the rule that passes traffic to any (the internet) and sets the gateway group.

        Traffic routed to a specific gateway, or policy routed, is sent to that gateway with no further checks.

        https://doc.pfsense.org/index.php/What_is_policy_routing

        https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

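The rule ordering described in the reply above, as an added example that is not part of the original posts and is not pfSense code: a simplified first-match model of per-interface rules using the three LAN subnets from the question. The group names, the `evaluate` helper and the "routing table" result are assumptions made for illustration.

```python
# Added illustration: a simplified first-match model of per-interface rules,
# not pfSense's actual rule engine. Rule and group names are assumptions.
from ipaddress import ip_address, ip_network

LAN_1 = ip_network("10.10.0.0/16")
LAN_2 = ip_network("10.15.0.0/16")
LAN_3 = ip_network("10.20.0.0/16")
ANY = ip_network("0.0.0.0/0")

# Gateway groups: members listed in tier order (tier 1 first).
GROUPS = {"WAN1_then_WAN2": ["WAN_1", "WAN_2"],
          "WAN2_then_WAN1": ["WAN_2", "WAN_1"]}

def pick_gateway(group, up):
    """Return the first member of the group that is currently up, else None."""
    return next((gw for gw in GROUPS[group] if gw in up), None)

def evaluate(rules, dst, up=frozenset({"WAN_1", "WAN_2"})):
    """First matching rule wins. A rule with a gateway group forces the packet
    to that gateway with no further checks; a rule without one leaves the
    decision to the routing table (modelled here as 'routing table')."""
    for dest_net, group in rules:
        if ip_address(dst) in dest_net:
            return "routing table" if group is None else pick_gateway(group, up)
    return "blocked"  # implicit default deny

# Only the policy-routing rule: traffic for LAN_3 is also pushed out the WAN.
lan1_policy_only = [(ANY, "WAN1_then_WAN2")]

# Bypass rules first (no gateway set), then the policy-routing rule.
lan1_rules = [(LAN_3, None), (ANY, "WAN1_then_WAN2")]
lan3_rules = [(LAN_1, None), (LAN_2, None), (ANY, "WAN2_then_WAN1")]

if __name__ == "__main__":
    for name, rules in [("policy only", lan1_policy_only), ("bypass first", lan1_rules)]:
        print(name, "LAN_1 -> 10.20.0.5:", evaluate(rules, "10.20.0.5"))
        print(name, "LAN_1 -> 8.8.8.8:  ", evaluate(rules, "8.8.8.8"))
```

With only the gateway-group rule, the LAN_1 to LAN_3 packet is handed to WAN_1, which matches the symptom in the question; with the bypass rule placed first it is left to the routing table.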