Multi LAN & WAN Routing woes
-
Hello and thank you for reading.
I have a network with 3 physical LAN networks and we just had our 2nd physical WAN connection installed.
I need to do the following. I could go over everything I did but I think that will just confuse the situation.
So, here's what I need to do.
10.10.x.x/16 <lan_1>
10.15.x.x/16 <lan_2>
10.20.x.x/16 <lan_3>
33.44.55.66 <wan_1>
77.88.99.00 <wan_2>
Routing as follows
LAN 1&3:: need to talk to each other
LAN 2&3:: need to talk to each other
LAN 1&2:: Need to use WAN_1 for internet and fail-over to WAN_2
LAN 3:: Needs to use WAN_2 for internet and fail-over to WAN_1
I've tried several configurations that others have done w/ good ole Google… But, none of them are exactly what my case is.
The best I have been able to do is set up 'Gateway Groups' and assign them to the firewall rule. I was then able to get traffic out the WAN interface I needed but then I couldn't get to my other LAN networks. I was able to verify via a trace route that I was going out the correct interface. Although the throughput was horrible. (Averaging 10% of the allowable bandwidth for the link. Testing with my laptop verified that I was able to get full bandwidth)
I'm guessing I am missing something with regards to routing. Any assistance would be greatly appreciated.
Cheers!
-
You need to bypass policy routing when you set the gateway groups. That means, for instance, a pass rule on LAN_1 that passes traffic to LAN_3 that does not set a gateway (meaning it's set to the default gateway).
After that you can place the rule that passes traffic to any (the internet) and sets the gateway group.
Traffic routed to a specific gateway, or policy routed, is sent to that gateway with no further checks.
https://doc.pfsense.org/index.php/What_is_policy_routing
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
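An added illustration of the rule ordering described in the reply above (not part of the original thread and not pfSense code): a small first-match model of the LAN_1 rule list that shows where each destination ends up and flags local networks that would be policy routed out a WAN. The gateway group name `WAN1_FAILOVER` and the helper names are assumptions made for the example.

```python
import ipaddress

# Networks from the question; x.x written out as /16 prefixes.
LANS = {"LAN_1": "10.10.0.0/16", "LAN_2": "10.15.0.0/16", "LAN_3": "10.20.0.0/16"}
GROUP = "WAN1_FAILOVER"  # hypothetical gateway group name (WAN_1, then WAN_2)

def rule(dst, gateway=None, action="pass"):
    """One rule on an interface tab; gateway=None means 'use the routing table'."""
    return {"dst": ipaddress.ip_network(dst), "gateway": gateway, "action": action}

def decide(rules, dst_ip):
    """First matching rule wins. Returns 'blocked', 'routing-table' or a gateway name."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if ip in r["dst"]:
            if r["action"] == "block":
                return "blocked"
            # A rule with a gateway set sends the packet there with no further checks.
            return r["gateway"] or "routing-table"
    return "blocked"  # nothing matched: default deny

def shadowed_lans(rules, own_lan):
    """Local networks whose traffic a gateway rule would send out a WAN.
    Probes one host per network, which is enough for whole-prefix rules."""
    hits = []
    for name, cidr in LANS.items():
        if name == own_lan:
            continue
        probe = str(ipaddress.ip_network(cidr).network_address + 1)
        if decide(rules, probe) not in ("routing-table", "blocked"):
            hits.append(name)
    return hits

# Only the policy-routing rule: LAN_3 becomes unreachable from LAN_1.
BROKEN_LAN1 = [rule("0.0.0.0/0", GROUP)]
# Bypass rule first (no gateway), then the internet rule with the gateway group.
FIXED_LAN1 = [rule(LANS["LAN_3"]), rule("0.0.0.0/0", GROUP)]

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN_LAN1), ("fixed", FIXED_LAN1)):
        print(label, "-> LAN_3 host:", decide(rules, "10.20.0.5"),
              "| internet:", decide(rules, "192.0.2.1"),
              "| local nets sent to WAN:", shadowed_lans(rules, "LAN_1"))
```

In the fixed list the model still reports LAN_2 as sent to the gateway group, because the question does not ask for LAN_1 to reach LAN_2 and no rule covers it before the catch-all.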