Netgate Discussion Forum

    Different hosts through different WANs

    General pfSense Questions
    • Tweebeenvis

      Hi Guys,

      I have a situation where I have 2 WAN interfaces. WAN1 is a PPPoE connection to my ISP and WAN2 goes to a 3G router that assigns the WAN2 interface a DHCP lease in a private IP range (192.168.0.254).

      WAN1 is the default gateway (under routing) and is used by all clients on the LAN.
      WAN2 is meant as backup for only my devices. When WAN1 goes down, everything should be down except the devices I choose (I do the switchover manually by enabling a firewall rule).

      The rules change the gateway of my devices to WAN2 (under advanced rule settings).

      The problem is: when WAN1 goes down, it seems all other traffic from all other LAN clients is also being pushed out through WAN2. I was under the impression that, seeing as WAN1 is the default gateway, no traffic would be passed when it is down.

      I put the rules before the default LAN rule.
      I have no gateway groups assigned.
      Because WAN2 is a private network IP, these are not being blocked (unticked option).
      Default gateway switching IS NOT enabled.
      I played with "skip rules when gateway is down" - this had other undesirable effects (can't access local resources).

      Not sure if I'm missing something really basic, but this setup worked well for me on pfSense 2.1 (if I recall correctly).

      I've attached my rules.

      Any advice would be greatly appreciated.

      pfsenseWAN.png

      • Derelict LAYER 8 Netgate

        It sounds like you should create a gateway group with WAN1 as Tier 1 and WAN2 as Tier 2.

        Change the rule that routes MyLTPeth to WAN2_DHCP to route to that gateway group instead.

        Leave WAN1 set as the default gateway.

        Turn default gateway switching off.

        Turn skip rules when gateway is down off.

        If WAN1 goes down, hosts in the MyLTPeth alias should start using WAN2. Everyone else will have no route out.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
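
Added example, not part of Derelict's reply and not pfSense code: a small Python model of the setup the reply describes, showing which gateway a LAN host would use under first-match rules with a Tier 1 / Tier 2 gateway group. The host addresses, the LAN subnet, the group name WAN1_then_WAN2 and the gateway name WAN1 are assumptions; MyLTPeth and WAN2_DHCP come from the thread.

```python
"""Model of first-match policy routing with a tiered gateway group.
Constructed example: addresses and the group name are hypothetical."""
from ipaddress import ip_address, ip_network

# Constructed sample addressing (not from the thread).
ALIASES = {"MyLTPeth": [ip_network("192.168.1.10/32"), ip_network("192.168.1.11/32")]}
LAN_NET = ip_network("192.168.1.0/24")

# Gateway group from the reply: WAN1 as Tier 1, WAN2 as Tier 2.
GROUPS = {"WAN1_then_WAN2": {1: ["WAN1"], 2: ["WAN2_DHCP"]}}
DEFAULT_GATEWAY = "WAN1"  # stays fixed because default gateway switching is off

# LAN rules in evaluation order (first match wins).
RULES = [
    {"src": "MyLTPeth", "gateway": "WAN1_then_WAN2"},  # policy-routed hosts
    {"src": "LAN net", "gateway": None},               # default LAN rule
]

def pick_from_group(group, up):
    """Return the online gateways of the lowest-numbered tier that has any."""
    for tier in sorted(GROUPS[group]):
        online = [g for g in GROUPS[group][tier] if up.get(g)]
        if online:
            return online
    return []

def src_matches(rule_src, host):
    """True if host falls inside the rule's source (alias or LAN subnet)."""
    nets = [LAN_NET] if rule_src == "LAN net" else ALIASES[rule_src]
    return any(ip_address(host) in net for net in nets)

def egress(host, up):
    """Gateway a new connection from host would use, or None for no route out."""
    for rule in RULES:
        if not src_matches(rule["src"], host):
            continue
        if rule["gateway"] is None:
            # No gateway on the rule: follow the default route, which never moves.
            return DEFAULT_GATEWAY if up.get(DEFAULT_GATEWAY) else None
        chosen = pick_from_group(rule["gateway"], up)
        return chosen[0] if chosen else None  # None when every tier is down
    return None  # no rule matched

if __name__ == "__main__":
    wan1_down = {"WAN1": False, "WAN2_DHCP": True}
    for host in ("192.168.1.10", "192.168.1.50"):
        print(host, "->", egress(host, wan1_down))
```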

        • Tweebeenvis

          Thanks so much Derelict :) Working now. Used to be able to do this without gateway groups, hmmmm. Anyways, really appreciate the feedback.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.