Policy base routing not working traffic is not forwarded to specified gateway and always go to the default gw
-
Im using XG-7100 and the latest pfsense version. all is working well but i have this issue on policy base routing.
the scenario:
I have 2 WAN(gateways) and a 2 LANs.
i wanted each LANs to use specific WAN.Gateway setup
WAN1 gateway is set to default
WAN2 gatewayLAN1 rule i set the gateway to use the WAN1 gateway.
LAN2 rule i set the gateway to use the WAN2 gateway.issue:
even though LAN2 was set to use the WAN2 gateway when i test it its still use the default gateway which is the WAN1.Need your help on this.
Thank you.
-
need more details.
post rules & gateway settings -
Here
Rule
Action: Pass
Interface: Lan1
address:ipv4
protocol: tcp/udp
source: any
destination:any
Gateway: WAN1(which is the default gw)
Rule
Action: Pass
Interface: Lan2
address:ipv4
protocol: tcp/udp
source: any
destination:any
Gateway: WAN2
but still when testing it by tracing route the of Lan2 it still use the WAN1 -
By default Windows tracert uses ICMP and both Mac OS X and Linux traceroute use UDP.
so if you are running traceroute on windows, your rules dont apply
-
That rule is TCP/UDP only, you may want 'any' there as Heper said.
The traffic may be matched by another rule first. That rule must be above any other rules that might pass it on the LAN2 tab. Also check for floating rules and interface groups which are both processed first.
There may have been an open firewall state for that traffic via WAN1 when you tested. Make sure to clear the states between tests if you add new rules.
Steve
-
Hi Guys,
I cannot make this thing work I've tried your suggestion setting protocol to any. I even reset the state and tried restarting the appliance but still all the traffic is forwarded to the default WAN.
Any other ideas or suggestion?
Thank you,
-
Post screen shots of your LAN rules and your gateway group configuration.
-
-
On that setup even though the PRESIDENT net gateway is set to use the WAN_DHCP as per testing and checking it still using the WAN2GW which is my default gateway.
-
Very unlikely, if not impossible. Something is not how it seems.
-
@derelict Tell me what is wrong. thanks
-
Not sure based on the information at hand. Have you messed about with floating rules?
-
@derelict i don't have floating rules configured
-
Chat the contents of /tmp/rules.debug to me then. And please specify exactly how you are testing. Source IP address, dest IP address, method of testing.
Execute
cat /tmp/rules.debugin Diagnostics > Command Prompt and copy/paste the output. -
@derelict dude i send to you the rule.debug dump let me know if you find the resolution. thank you
-
You have WAN, WAN1, and WAN2 defined. You are policy routing PRESIDENT out WAN, not WAN1. You stated you have two WANs but there are three. What, exactly, are you trying to do?
GWWAN1GW = " route-to ( lagg0.101 X.X.X.225 ) "
GWWAN2GW = " route-to ( lagg0.102 Y.Y.Y.113 ) "
GWWAN_DHCP = " route-to ( lagg0.4090 192.168.1.1 ) "pass in quick on $PRESIDENT $GWWAN_DHCP inet from 10.10.8.0/24 to any tracker 1531493401 keep state label "USER_RULE"
-
@derelict thanks for looking on it. Policy routing is not working. As you can see the president although on policy it is set to wan. But on the contrary it still uses the wan2 which the default gateway. What i want is to make that work.
-
@derelict all is working my pfsense setup except the policy routing.
-
What WANs are supposed to be active? You have WAN WAN1 and WAN2 but you said you only have 2 WANs. I think you need to delete the WAN gateway and policy route to WAN1 instead. But I'm kind of just guessing because you seem to not be reading what I am saying.
In other words, change the policy routing on PRESIDENT to GWWAN1GW instead of GWWAN_DHCP and test again.
-
@derelict my friend all of those is active. Yeah on start of the topic i mention 2 wans but just summarize my issue so its more direct. But now i showed you the real scenario.
So what i wanted is to have that president vlan use the wan as its gateway.
