Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multi-Wan stops traffic between LANs

    Scheduled Pinned Locked Moved Routing and Multi WAN
    6 Posts 2 Posters 765 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ironwood
      last edited by

      I have an XG-7100 on version 21.05.
      Here are my networks:

      • LAN
      • Office
      • LAN 2

      I have 2 cradlepoint(Verizon Wireless) Gateways that work. When I try to load balance them, the office network cannot access the LAN2 network(LAN2 contains my Host servers and switches).

      If I set the gateway back to "default", Office can see LAN2 again. I'm not sure what I've done wrong here. I have tried clearing the State as well with no luck.

      Any help or guidance on what to do? Config images below

      alt text
      alt text
      alt text
      alt text
      alt text
      alt text

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @ironwood
        last edited by

        @ironwood
        Set the gateway group as default gateway in System > Routing > Gateways > Default gateway and remove it from the firewall rule.

        I 1 Reply Last reply Reply Quote 1
        • I
          ironwood @viragomann
          last edited by

          @viragomann I've been battling this all week and you are a life saver! Thank you for your response.

          I'm curious why this works vs setting them in the firewall rules? Thoughts?

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @ironwood
            last edited by

            @ironwood
            With the gateway option in the firewall rule, you do policy routing. This means, this rule directs all traffic it allows to the active gateway of the gw group in this case.
            However, this rule then doesn't pass any traffic to internal destinations at all. To pass such traffic you need a rule without a gateway set.

            Also as I understood your aim you don't need policy routing. So if you only want to have a gateway failover group the way to go here is to set the gw group as default gateway globally for the system.

            I 1 Reply Last reply Reply Quote 1
            • I
              ironwood @viragomann
              last edited by

              @viragomann Ok this makes sense. So I would need to create 2 seperate rules instead of combining them into one rule when dealing with internal routing and gateway routing. Appreciate the explanation!

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @ironwood
                last edited by

                @ironwood
                Yes, if you have a policy routing rule on an interface you have add an additional route for permiting internal traffic above of it.
                This also concerns access to services provided by pfSense itself like DNS.

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.