Netgate Discussion Forum

    Multi-WAN Multi-LAN Policy Based Routing Issue (no load balancing)

    Routing and Multi WAN
    4 Posts 2 Posters 923 Views
    xciter327

      Summary:

      I have a pfsense box which has two LANs and two WANs. The box simply NATs all outgoing traffic. What I want to achieve is that LAN1 goes out via WAN1 and LAN2 goes out via WAN2. In order to do this we need Policy Based Routing. No load balancing or any other fancy stuff.

      WAN1: x.x.x.x/29 with default GW
      WAN2: y.y.y.y/29 without default GW

      Note: I am unable to NOT have a default gateway. If I disable it in the gateway settings and apply, nothing changes.

      LAN1: 192.168.0.0/24
      LAN2: 192.168.1.0/24

      Firewall Rules:
      LAN1: Allow All with a source of LAN1, any destination, set gateway to WAN1
      LAN2: Allow All with a source of LAN2, any destination, set gateway to WAN2

      Manual Outbound NAT (AON)
      NAT_Rule_1: Interface: WAN1, Source: 192.168.0.0/24, Source Port: *, Destination: *, Destination Port: *, NAT Address: WAN1 Address, NAT Port: *, Static Port: Randomize
      NAT_Rule_2: Interface: WAN2, Source: 192.168.1.0/24, Source Port: *, Destination: *, Destination Port: *, NAT Address: WAN2 Address, NAT Port: *, Static Port: Randomize

      What works:
      Traffic sourced from LAN1.

      What does not:
      Traffic sourced from LAN2.

      P.S. - I tried automatic NAT, both LANs were working, however traffic was only going out via WAN1.

        Soyokaze

        Your configuration is correct.
        Make sure that:
        • gw_wan1 and gw_wan2 use DIFFERENT monitoring addresses, or disable monitoring for gw_wan2 completely.
        • you rebooted pfsense after mangling with NAT rules.

        Side note - your configuration should work with Auto and Hybrid NAT too, because they only define how outgoing traffic should be NATed on specific interface.

        Need full pfSense in a cloud? PM for details!

          xciter327

          Thanks for the reply.

          • The monitoring IPs for the two gateways are different.
          • I have not tried rebooting the device. If this fixes it, I will submit a bug report, as in my opinion you should not need to reboot a device to properly apply NAT rules.

          As I remarked, I did try Auto and Hybrid mode; however, in that case the traffic got routed only via WAN1.

            xciter327

            Hi All,

            A quick update for anybody pondering the same issues. The configuration described above works beautifully, with one minor drawback (or major, depending on your point of view):

            You CANNOT test it from the pfsense itself (meaning you cannot use /Diagnostics/Ping and use one of the LAN IP addresses as source). The second (or third) interface for which Policy Based Routing is necessary will fail to ping to the outside (via WAN2). It appears PBR works only for traffic which does not originate from the device doing the PBR (in this case pfsense). This is especially annoying when you do not have physical access to a device on the LAN networks.

            So if your ping tests from the pfsense fail, do not worry and test from a device in the particular network you are PBR-ing.

            Hopefully this helps other people.

            edit: No restart was needed. :)

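The rule set below is an added illustration, not the original poster's configuration or the exact rules pfSense generates: it approximates in pf.conf syntax the manual outbound NAT and the per-LAN policy-based routing described in this thread, with interface names and the two upstream gateway addresses as placeholders, and notes why a ping sourced from the firewall itself still leaves via WAN1.

```pf
# Constructed example of the pf rule set behind the GUI configuration in this thread.
# Interface names and the two upstream gateway addresses are placeholders.
wan1 = "em0"
wan2 = "em1"
lan1 = "em2"
lan2 = "em3"
wan1_gw = "198.51.100.1"   # placeholder for the WAN1 next hop (x.x.x.x/29)
wan2_gw = "203.0.113.1"    # placeholder for the WAN2 next hop (y.y.y.y/29)
lan1_net = "192.168.0.0/24"
lan2_net = "192.168.1.0/24"

# Manual outbound NAT (AON): each LAN is translated to the address of its own WAN.
# "Static Port: Randomize" in the GUI corresponds to pf's default source-port
# rewriting, i.e. no "static-port" keyword on the rule.
nat on $wan1 inet from $lan1_net to any -> ($wan1)
nat on $wan2 inet from $lan2_net to any -> ($wan2)

# Default deny for anything not matched by an explicit pass rule.
block in log all

# Policy-based routing: the LAN rules carry a "route-to" for the chosen gateway.
# This is what "set gateway to WAN1 / WAN2" on the LAN firewall rules does.
pass in quick on $lan1 inet from $lan1_net to any route-to ($wan1 $wan1_gw) keep state
pass in quick on $lan2 inet from $lan2_net to any route-to ($wan2 $wan2_gw) keep state

# Why a ping from the firewall itself with a LAN2 source address still leaves
# via WAN1: locally generated packets never pass "in" on $lan2, so the route-to
# above never matches them; they follow the system routing table, whose only
# default route points at WAN1. Only forwarded traffic from hosts on LAN2 is
# policy-routed, which is the behaviour the final post observes.
```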
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.