2 WAN connections, make 1 IP use the second WAN only
-
As the title states. I want to know if and how to make an IP address use the second WAN and not the first for outgoing. Is it just in the firewall rules by blocking the IP on the 1st WAN and allowing it on the 2nd?
-
@perfectbake420 Yes, you do it via firewall rules, no, you don't block anything. You create a custom Allow All rule just above your default Allow All rule that directs only that IP's traffic to your other gateway.
-
No need to block anything. Just use PBR (Policy Based Routing). As @KOM stated, create a permit firewall rule and specify the gateway in the advanced settings of the rule. Also, place the rule above any other rules that would match the traffic that the new rule is intended for.
-
Thank you both. I appreciate the help.
-
No problem.
You may need to add an outbound NAT rule for the single IP if you are routing a private IP into public space. The configuration would be to match the 1 IP on the 'second WAN'.
-
I have added the second (actually 3rd, 2nd is a Verizon failover) WAN to the pfSense. I have created a rule on the WAN to block any protocol where the source is 192.168.1.2 and the destination is any. It is not blocking my traffic on the main WAN. I also created a WAN2 rule to allow all traffic from any source to go to destination 192.168.1.2. Under advanced I set the gateway as the WAN2 gateway.
Am I missing something?
-
@perfectbake420 Firewall rules apply to the interface they enter, not exit. Also, existing states are not affected by a rule change. You need to clear the states of the specific clients/devices your new rule applies to before they will obey the new rule.
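-
Added example, not part of the thread and not pfSense code: a small Python model of the behaviour described in the answers above (rules evaluated on the ingress interface, first match wins, existing states bypass rule changes). The gateway names `WAN_GW`/`WAN2_GW`, the interface labels and the destination address are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                     # "pass" or "block"
    src: str                        # source IP, or "any"
    gateway: Optional[str] = None   # policy-routing gateway; None = default route

class Firewall:
    def __init__(self, rules, default_gw):
        self.rules = rules          # {ingress interface: ordered rule list}
        self.default_gw = default_gw
        self.states = {}            # (src, dst) -> gateway fixed at state creation

    def route(self, ingress, src, dst):
        """Return the gateway a packet leaves by, or None if it is dropped."""
        if (src, dst) in self.states:             # existing state: rules are skipped
            return self.states[(src, dst)]
        for rule in self.rules.get(ingress, []):  # only the ingress interface's rules
            if rule.src in ("any", src):          # first match wins
                if rule.action == "block":
                    return None
                self.states[(src, dst)] = rule.gateway or self.default_gw
                return self.states[(src, dst)]
        return None                               # no match: default deny

    def clear_states(self, src):
        self.states = {k: v for k, v in self.states.items() if k[0] != src}

HOST, DST = "192.168.1.2", "203.0.113.10"  # thread's client; constructed destination

def rules_on_wan_interfaces():
    # Question's layout (simplified to source matching): rules sit on WAN/WAN2,
    # which LAN-originated traffic never enters, so only the LAN rule is consulted.
    fw = Firewall({"WAN": [Rule("block", HOST)],
                   "WAN2": [Rule("pass", "any", "WAN2_GW")],
                   "LAN": [Rule("pass", "any")]}, "WAN_GW")
    return fw.route("LAN", HOST, DST)

def lan_rule_with_stale_state():
    fw = Firewall({"LAN": [Rule("pass", "any")]}, "WAN_GW")
    before = fw.route("LAN", HOST, DST)                       # state pinned to WAN_GW
    fw.rules["LAN"].insert(0, Rule("pass", HOST, "WAN2_GW"))  # above default allow
    stale = fw.route("LAN", HOST, DST)                        # old state still wins
    fw.clear_states(HOST)
    return before, stale, fw.route("LAN", HOST, DST)
```

`rules_on_wan_interfaces()` shows the host still leaving via the main gateway, and `lan_rule_with_stale_state()` shows the policy route taking effect only after the host's states are cleared.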