Netgate Discussion Forum

    MultiWAN. Cannot route specific traffic to specific gateway

    Routing and Multi WAN
    4 Posts 3 Posters 1.1k Views
    a_sand

      Hello!

      I tried a few options and all of them did not work as I expected.

      I have 3 ISPs and 3 gateways based on old FreeBSD. I do not want to interfere with them any more than necessary, because they were configured by the previous administrator in an unknown way.
      Immediately behind these gateways is pfSense with 3 WAN interfaces (em1 - em3) connected to the upstream GWs and one LAN adapter (em0) connected to the LAN.
      There are several subnets/VLANs configured on the LAN; NAT is disabled on pfSense.
      I do not use gateway groups at this moment. (Yes, I know that I actually use only one ISP at the moment.) One of the gateways is marked as default and all works fine.

      For example - GW2 is default, GW3 is for this experiment and GW1 is in an idle (but online) state.

      Now I want to publish web server in my LAN to Internet.

      I have created another VLAN just for testing (VLAN 1500, IP - 10.150.0.0/24). I have deployed a Linux web server (10.150.0.9) in this subnet and configured port forwarding on GW3 (Public IP 3, ports 80 and 443 to LAN IP 10.150.0.9 on the same ports).
      Of course I have configured a specific firewall rule on this VLAN (if source = 10.150.0.9 and dst not in my LAN - use gateway GW3).

      Now external requests (monitored via tcpdump on each server/interface) reach the web server, but when the web server sends a reply, this packet leaves my network via GW2 - the default gateway - instead of GW3. The packet/state counters on the new firewall rule always display 0/0.

      But when I do "traceroute google.com" from this web server, all traffic goes via GW3 as expected…

      What is wrong??

      Any help is appreciated.
      Thank you!!!

      Cheegii

        Play with the RULE and choose a gateway in the advanced settings that you want to route through.

        a_sand

          @Cheegii:

          Play with the RULE and choose a gateway in the advanced settings that you want to route through.

          I already played with it…
          It works for purely outgoing traffic (traceroute from this host to the Internet, for example) but does not work for reply packets of incoming traffic.
          All replies go through the default gateway.  >:( >:( >:(

          Derelict (LAYER 8, Netgate)

            Then your problem is upstream. pfSense cannot control which interface reply traffic arrives on. It can only control which interface is used for sending.

            Based on the information given so far…

            You will need to provide a lot more details to make a real diagnosis.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.