Dual WAN with DUAL LAN (no failover)

  • Hi there,

    I have set up the firewall with two independent WAN and two independent LAN interfaces.
    The goal is to NAT traffic from LAN01 via WAN01 and LAN02 via WAN02.
    Therefore I have created the following AON NAT rules:

    LAN01 = with GW (firewall)
    LAN02 = with GW (firewall)

    The gateways are created as well, with no default gateway set, and are also reachable:

    When I now connect on LAN01, I go via the correct LAN01 route and gateway to the internet.
    When I do the same on LAN02, DNS resolves, but there is no connection to the www. Looks to me like a missing route.

    Finally I figured out that when I select WAN02 as the default gateway under System/Routing/Gateways, I can also reach the internet via LAN02,
    but then LAN01 is of course off.
    So how can I fix this issue, as there is only one default gateway available, either for LAN01 or LAN02?
    Looks like the gateway rules are not working properly.

    I do not want any failover or load balancing between the WANs. Both networks must remain independent from each other, even if one WAN fails.
    I know there are a lot of topics for this scenario.

    Many thanks in advance!

  • I figured it out finally by myself.

    There is an option called "Policy Based Routing" under Firewall/Rules/LAN.
    You need to force the LAN net to use a dedicated GW, which is configured under System/Routing/Gateways.

    Like this you can get around the default GW problem (pfSense will always choose one and add it to its routing table regardless of whether you chose one or not).
    The one which is chosen by the system (normally the top one in the list) is then also used by the NAT rules.
    A little confusing, because you expect the NAT rules to do this for you.

    Anyway, thanks for reading  8)
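The following is an added example, not configuration from the poster or from the pfSense project, of what the policy-based routing described above looks like at the pf level that pfSense generates underneath the GUI. All interface names, gateway addresses and LAN subnets are assumed placeholders; the point is that the NAT rules only rewrite the source address, while the `route-to` option on the inbound LAN rule is what picks the outbound gateway, independently of the system default route.

```pf
# Constructed example: two independent WANs, two independent LANs, no failover.
# Interface names, gateway addresses and subnets are placeholders.
wan1_if  = "em0"            # WAN01 (assumed)
wan2_if  = "em1"            # WAN02 (assumed)
lan1_if  = "em2"            # LAN01 (assumed)
lan2_if  = "em3"            # LAN02 (assumed)
wan1_gw  = "203.0.113.1"    # next hop on WAN01 (documentation range)
wan2_gw  = "198.51.100.1"   # next hop on WAN02 (documentation range)
lan1_net = "192.168.1.0/24"
lan2_net = "192.168.2.0/24"
local_nets = "{ 192.168.1.0/24, 192.168.2.0/24 }"

# Outbound NAT: each LAN is masqueraded only on its own WAN. These rules
# rewrite the source address but do not choose the egress interface.
nat on $wan1_if from $lan1_net to any -> ($wan1_if)
nat on $wan2_if from $lan2_net to any -> ($wan2_if)

# Traffic between the two LANs (or to the firewall itself) must not be
# policy-routed out a WAN. The "quick" rules win before the route-to rules
# below are consulted, because pf otherwise uses last-match semantics.
pass in quick on $lan1_if from $lan1_net to $local_nets keep state
pass in quick on $lan2_if from $lan2_net to $local_nets keep state

# Policy-based routing: pin each LAN to its own gateway with route-to.
# This is what the "Gateway" field on a LAN firewall rule sets in pfSense,
# and it overrides whichever default gateway the system picked.
pass in on $lan1_if route-to ($wan1_if $wan1_gw) from $lan1_net to any keep state
pass in on $lan2_if route-to ($wan2_if $wan2_gw) from $lan2_net to any keep state
```

To confirm the rules took effect without trusting the GUI, `pfctl -sr` lists the loaded rules including the `route-to` targets, and `pfctl -ss` shows live states with the interface they were created on; a state for a LAN02 host should appear on the LAN02 and WAN02 interfaces only. Because there is no gateway group and no failover, a down WAN simply means that LAN's traffic is dropped rather than leaking out the other WAN, which is the isolation the thread asks for.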

  • Can you post screenshots of your configuration?

    I want to do the same but something is not working.
