
    Problem with routing traffic to a different gateway

      nwx

      Hi,

      First of all, sorry for my bad English!

      I am trying to configure pfSense (latest version) for the following purpose.

      Schéma.jpg

      I want my clients in VLAN 1 to reach the website (called toto.com here) through my private network.

      I took the following steps to configure pfSense.
      I configured my private gateway (192.168.0.251),
      04e8bd24-3f8c-40a8-8c52-7eac9509a03f-image.png

      set a static route (I don't know if this is required) and implemented a firewall rule (for the VLAN 1 zone) to redirect the website traffic of the VLAN 1 clients through the private GW.
      1c98e2c7-06a2-4f01-bb60-1002962b91c2-image.png

      But it's actually not working and I don't understand why. All internet browsing from the client seems to be redirected to the default gateway.
      When I run a traceroute from a client, it indicates the correct path.

      ex1: traceroute to an internet site.
      39d44bb6-a055-4bc2-99fc-3e360a24bf62-image.png

      ex2: traceroute to my specific website:
      31d46f7a-599a-4dea-8607-5166afd5e605-image.png

      Browsing to the website indicates I'm connecting from the public IP of my default gateway, not my private GW:
      67ca2e39-997a-408d-99fa-a6b07fc7a2c8-image.png

      (All the tests were made from the same PC.)

      Do you have any idea what is going wrong?
      Thank you for your tips or answers.

      Éric

        viragomann

        Have you restarted the browser session or reset the states on pfSense?

        tracert is not representative here, because it uses ICMP and you have allowed this traffic in your first rule on this interface.
        You may move your policy routing rule up to the top of the rule set, so that it is applied for ICMP packets as well.

        Since you have enabled logging in all of the rules, check the filter log to get an idea which rule allows the traffic. Maybe a floating rule?

        1 Reply Last reply Reply Quote 0
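
The rule-order and state behaviour described in the reply above, as an added example that is not part of either post: a small Python model of first-match evaluation on an interface rule set, with states that keep the gateway they were created with. The rule lists, the 203.0.113.10 address standing in for toto.com and all function names are constructed for illustration; only 192.168.0.251 comes from the thread.

```python
# Constructed model (not pfSense code): interface rules are checked top to
# bottom, the first match decides, and that decision includes the gateway.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str              # "icmp", "tcp" or "any"
    dst: str                # destination network in CIDR form
    gateway: Optional[str]  # None = no policy routing, follow the routing table

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str

def first_match(rules, pkt):
    """Return the first rule matching pkt, or None (nothing passes it)."""
    for rule in rules:
        if rule.proto in ("any", pkt.proto) and ip_address(pkt.dst) in ip_network(rule.dst):
            return rule
    return None

def gateway_for(rules, pkt, states):
    """An existing state keeps its gateway; only new connections hit the rules."""
    key = (pkt.proto, pkt.dst)
    if key not in states:
        rule = first_match(rules, pkt)
        states[key] = rule.gateway if rule else "blocked"
    return states[key] or "routing table"

WEBSITE = "203.0.113.10"      # constructed placeholder for toto.com
PRIVATE_GW = "192.168.0.251"  # private gateway named in the post

allow_icmp = Rule("allow ICMP", "icmp", "0.0.0.0/0", None)
policy = Rule("website via private GW", "any", WEBSITE + "/32", PRIVATE_GW)
allow_all = Rule("allow all", "any", "0.0.0.0/0", None)
ORIGINAL = [allow_icmp, policy, allow_all]   # ICMP rule above the policy rule
REORDERED = [policy, allow_icmp, allow_all]  # policy rule moved to the top

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for proto in ("icmp", "tcp"):
            print(label, proto, "->", gateway_for(rules, Packet(proto, WEBSITE), {}))
    stale = {("tcp", WEBSITE): None}  # state created before the policy rule existed
    print("stale state ->", gateway_for(REORDERED, Packet("tcp", WEBSITE), stale))
    stale.clear()                     # equivalent of resetting the states
    print("after reset ->", gateway_for(REORDERED, Packet("tcp", WEBSITE), stale))
```

In the original order the ICMP probe never reaches the policy rule, so a traceroute says nothing about how the browser's TCP connection is routed, and a state that predates the rule keeps its old path until it is cleared.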
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.