[SOLVED] floating rules to switch gateway

  • Hello everyone! I'm new to this forum!
    I have a problem and I need to solve it; I'll try to explain as clearly as possible:

    I have a LAN, WAN1 and WAN2. I want to send the internet traffic of one host ( to gateway 2 of lan 2, and other hosts to the default gateway1 of wan.

    Network scheme:

    I tried to configure a floating rule like this:

    I think that the host should go out on gateway 2 of wan2 (in this case not surfing, because unlinked), but despite this rule it can navigate without problems. Where am I wrong?
    Thanks a lot

  • LAYER 8 Global Moderator

    You have direction set to out on your floating rule.. So that is traffic leaving pfsense into those networks when the source IP is the 0.50?  huh??

    How is this lan IP ever a source into your lanwifi interface?

    If you want to policy route.. Then you need to send traffic that is inbound into a pfsense interface out a specific gateway.. This would normally be done on the lan interface, not floating..

  • You're right, it was enough to set the rule in a LANWIFI interface and it works well.
    I apologize, I'm new to pfsense! But then when are floating rules used?

  • LAYER 8 Global Moderator

    You would use floating rules when for example you want to set same rule on a bunch of interfaces. But to be honest if it's only a handful of interfaces I would just do them on the interfaces directly if repeat say rules.. Like blocking access to specific dest IP or port.. But it's easier if all the rules allowing and blocking traffic on a network is done right on that interface tab vs the floating tab.. Since it's easier to see what exactly will happen with traffic entering that interface.

    You would use them in the case where you need to block traffic outbound, or it makes sense to just put in 1 rule on the wan outbound.. You could for example place a rule there to block say 25 outbound on your wan.. This way none of your inside networks could talk outbound on 25.

    But it's always best to block the traffic before it even enters the firewall, vs letting the firewall process the traffic in and then just stop it from leaving.

    Floating is normally going to be used for more advanced configuration.. Normal use would rarely ever have need for any sort of rules in floating. You might put some rules in there if you want to mark some traffic and use that mark on some other rule, etc. All comes down to what you're trying to accomplish exactly - and the best way to skin that cat.

    But with a simple policy route for 1 interface, yeah just put the rule on the interface directly is normally your best bet.
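
The distinction discussed in this thread, written as a hand-made pf.conf fragment. This is an added example, not taken from the posts and not the ruleset pfSense generates; the interface names, gateway address and host address are constructed placeholders, and NAT rules are omitted.

```pf
# Constructed placeholders, not values from the thread
lanwifi_if = "em1"          # interface the policy-routed host sits behind
wan_if     = "em0"          # WAN1, holds the default gateway
wan2_if    = "em2"          # WAN2
gw2        = "203.0.113.1"  # gateway reachable through WAN2
host       = "192.0.2.50"   # the single host to send out WAN2

# Outbound rule on the WAN, the kind of case where a floating rule fits:
# one rule stops every inside network from talking out on TCP port 25,
# whichever interface the traffic entered on.
block out quick on $wan_if proto tcp from any to any port 25

# Policy route: match the host's traffic as it ENTERS the firewall on its
# own interface (direction "in") and hand it to the WAN2 gateway.
pass in quick on $lanwifi_if route-to ($wan2_if $gw2) inet from $host to any keep state

# The same match with direction "out" on this interface looks at traffic
# LEAVING the firewall toward that network. As the moderator's reply points
# out, the host's own address is not a source there, so a rule like the one
# below does not steer the host's internet traffic.
# pass out quick on $lanwifi_if route-to ($wan2_if $gw2) inet from $host to any

# Every other host on the interface follows the default route via WAN1.
pass in quick on $lanwifi_if inet from $lanwifi_if:network to any keep state
```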
