Multiple GW and ISP
-
Hi All,
pfSense version: 2.4.5-P1
Network Diagram
Users come from ISP2. Can I configure pfSense to route the traffic through Router2? Please advise.
-
How is the user connecting? Through a VPN server on WAN2?
Yes, you can probably policy route their traffic back out via WAN2 if you need to.
Steve
-
It is not a VPN connection. The user opens the browser and enters http://isp2 public ip/, then router2 passes the traffic to pfsense.
I don't want to do SNAT in router2. Would you mind showing me how to do policy routing?
Thanks.
-
So pfsense doesn't really know about ISP 2? It just has a gateway to ISP 1 router?
Or are these 2 wan connections in pfsense?
I take it router 1 is like 192.168.1.1 and router 2 is 192.168.1.X?
-
So pfsense doesn't really know about ISP 2? It just has a gateway to ISP 1 router?
**Yes. pfsense configured Gateway only.**
**isp1 (default gateway)**
**isp2 (gateway) IPv4 Gateway: Automatically**
Or are these 2 wan connections in pfsense?
1 WAN connection in pfsense (wan: 192.168.1.x)
I take it router 1 is like 192.168.1.1 and router 2 is 192.168.1.X?
Correct
-
Well, the only way you could do what you want is to know what the source IP is going to be, and route back through isp2. Or source NAT so it looks like it came from router 2.
If you create 2 WAN connections in pfsense, then you can do what you want. But if pfsense only has 1 WAN, no, you can't.
-
Not clear why you want to source NAT at all here......
Do you mean you want users who connect to the webserver behind pfSense via the ISP2 public IP to get replies back via that WAN?
Generally that will happen by default anyway.
What are you seeing happen currently that isn't what you want?
Steve
-
-
router1/2 cannot set SNAT. It is because my web server cannot get the user's real source IP in my web access log.
-
User from isp1 - router 1, pfsense will go back to router 1. User from isp2 - router2, pfsense will go back to router2.
-
-
Just create another interface on pfsense for router2, and it will work like you want out of the box.
Pfsense will do reply-to when it has 2 interfaces. But since traffic is coming into the same interface from 2 different sources, I do not believe pfsense will send traffic back to the MAC address of router2 when the source of traffic is some public IP.
I know of no way to ensure that is what happens. So just set up a 2nd WAN. Use a VLAN if you must. What switch do you have between router1 and 2 and the pfsense WAN? As long as it supports VLANs, it takes 2 minutes to set up the 2 WANs.
-
Yup, that^. Just use two interfaces in pfSense and that will be the default behaviour.
Otherwise reply-to uses the gateway defined on the interface.
Steve