Netgate Discussion Forum

    Multiple GW and ISP

    General pfSense Questions
    • tomli

      Hi All,
      pfSense version: 2.4.5-P1
      Network Diagram

      When a user comes in from ISP2, can I configure pfSense to route the traffic through Router2? Please advise.

      • stephenw10 Netgate Administrator

        How is the user connecting? Through a VPN server on WAN2?

        Yes, you can probably policy route their traffic back out via WAN2 if you need to.

        Steve

        • tomli

          It is not a VPN connection. The user opens the browser and enters http://isp2 public ip/, then router2 passes the traffic to pfSense.

          I don't want to do SNAT in router2. Would you mind showing me how to do policy routing?

          Thanks.

          • johnpoz LAYER 8 Global Moderator

            So pfsense doesn't really know about ISP 2? It just has a gateway to ISP 1 router?

            Or are these 2 wan connections in pfsense?

            I take it router 1 is like 192.168.1.1 and router 2 is 192.168.1.X?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • tomli

              > So pfsense doesn't really know about ISP 2? It just has a gateway to ISP 1 router?

              Yes. pfsense configured Gateway only.
              isp1 (default gateway)
              isp2 (gateway)

              IPv4 Gateway: Automatically

              > Or are these 2 wan connections in pfsense?

              1 WAN connection in pfsense (wan: 192.168.1.x)

              > I take it router 1 is like 192.168.1.1 and router 2 is 192.168.1.X?

              Correct

              • johnpoz LAYER 8 Global Moderator

                Well, the only way you could do what you want is to know what the source IP is going to be, and route back through isp2.. Or source NAT so it looks like it came from router 2.

                If you create 2 WAN connections in pfsense, then you can do what you want.. But if pfsense only has 1 WAN.. no you can't

                • stephenw10 Netgate Administrator

                  Not clear why you want to source NAT at all here......

                  Do you mean you want users who connect to the webserver behind pfSense via the ISP2 public IP to get replies back via that WAN?

                  Generally that will happen by default anyway.

                  What are you seeing happen currently that isn't what you want?

                  Steve

                  • tomli

                    1. Router1/2 cannot set SNAT. That is because my web server cannot get the user's real source IP in my web access log.

                    2. User from isp1 - router 1, pfsense will go back to router 1. User from isp2 - router2, pfsense will go back to router2.

                    • johnpoz LAYER 8 Global Moderator

                      Just create another interface on pfsense for router2, and it will work like you want out of the box..

                      Pfsense will do reply-to when it has 2 interfaces.. But since traffic is coming into the same interface from 2 different sources, I do not believe pfsense will send traffic back to the MAC address of router2 when the source of traffic is some public IP.

                      I know of no way to ensure that is what happens. So just set up a 2nd WAN.. Use a VLAN if you must.. What switch do you have between router1 and 2 and pfsense WAN? As long as it supports VLANs, it takes 2 minutes to set up the 2 WANs.

                      • stephenw10 Netgate Administrator

                        Yup, that^. Just use two interfaces in pfSense and that will be the default behaviour.

                        Otherwise reply-to uses the gateway defined on the interface.

                        Steve
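
The behaviour described in the last two replies, sketched as pf rules. This is an added example, not part of any post and not pfSense's generated ruleset; the interface names, the router2 and WAN2 addresses, the VLAN tag and the web server address 10.0.0.10 are constructed.

```pf
# Constructed addresses and interface names, for illustration only.
web_srv = "10.0.0.10"          # web server behind pfSense (assumed)

# === Single WAN interface: router1 and router2 share 192.168.1.0/24 ===
wan_if  = "em0"
wan_gw  = "192.168.1.1"        # router1, the gateway defined on the interface
# router2 (e.g. 192.168.1.2) is only another host on the same segment.

# reply-to takes one (interface gateway) pair per rule, so every state
# created on em0 sends its replies to router1, including connections
# that router2 forwarded in from ISP2.
pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto tcp \
    from any to $web_srv port 80 flags S/SA keep state

# === Two WAN interfaces: one per upstream router (a VLAN is enough) ===
wan1_if = "em0"
wan1_gw = "192.168.1.1"        # router1 / ISP1
wan2_if = "em0.20"             # VLAN 20 towards router2 (assumed tag)
wan2_gw = "192.168.2.1"        # router2 / ISP2 on its own subnet (assumed)

# Each interface carries its own gateway, so the state remembers which
# router the connection came through and replies leave the same way.
pass in quick on $wan1_if reply-to ($wan1_if $wan1_gw) inet proto tcp \
    from any to $web_srv port 80 flags S/SA keep state
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto tcp \
    from any to $web_srv port 80 flags S/SA keep state
```

Neither variant rewrites the source address, so the web server's access log keeps the client's real IP. On a running system, `pfctl -sr` lists the loaded rules, which shows which gateway each reply-to rule points at.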
