Netgate Discussion Forum

interface groups - multi wan

    4o4rh
    last edited by May 23, 2022, 7:21 PM

    "Interface groups are not effective with Multi-WAN because group rules cannot properly handle reply-to. Due to that deficiency, traffic matching a group rule on a WAN that does not have the default gateway will go back out the WAN with the default gateway, and not through the interface which it entered." -

    Does this mean interface groups are not effective on WAN interfaces when multiple WANs exist, or they are not effective on any interface, i.e. LAN groups, when multiple WANs exist?

      viragomann @4o4rh
      last edited by May 23, 2022, 8:35 PM

      @gwaitsi
      The reply-to tag is added to a connection by the firewall rule which allows the incoming traffic. This requires that the interface to which the rule is applied is unique and that it has a gateway assigned.
      Interface group rules don't have a unique interface naturally. Hence pfSense does not add the reply-to to connections which are allowed by such rules.
      The same applies to floating rules.

      However, you can use interface groups for internal interfaces to share rules, even with a multi WAN setup.

        4o4rh @viragomann
        last edited by May 24, 2022, 5:08 AM

        @viragomann so in simple English, if I have 2 WANs connected and 2 LANs, I can use an interface group for the 2 LANs, but not the 2 WANs, correct?

          viragomann @4o4rh
          last edited by May 24, 2022, 9:58 AM

          @gwaitsi
          Correct. Reply-to is only needed on WANs (interfaces with a gateway assigned to them).

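An audit of the point made in the thread, as an added example that is not part of the original posts or of pfSense itself: it scans a ruleset written in pf.conf syntax for pass-in rules that can match traffic on a WAN but carry no reply-to, which is the case the thread describes for interface group and floating rules. The sample ruleset, macro names, interface names and addresses are constructed assumptions.

```python
import re

# Constructed sample in pf.conf syntax; macro names, interface names and
# addresses are assumptions made for this example.
SAMPLE_RULES = '''
WAN2 = "{ igb1 }"
WANGROUP = "{ igb0 igb1 }"
LANGROUP = "{ igb2 igb3 }"
pass in quick on $WAN2 reply-to ( igb1 198.51.100.1 ) inet proto tcp from any to 10.0.0.10 port 443 keep state
pass in quick on $WANGROUP inet proto tcp from any to 10.0.0.10 port 22 keep state
pass in quick inet proto tcp from any to 10.0.0.10 port 8443 keep state
pass in quick on $LANGROUP inet from any to any keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"\{?\s*([^}"]*?)\s*\}?"$')
ON = re.compile(r'\bon\s+(\$?[\w.]+)')

def audit(ruleset, wan_ifs):
    """Return (rule, reason) for pass-in rules that can match on a WAN without reply-to."""
    macros, findings = {}, []
    for line in ruleset.splitlines():
        line = line.strip()
        m = MACRO.match(line)
        if m:  # macro definition: remember which interfaces it expands to
            macros[m.group(1)] = set(m.group(2).split())
            continue
        # Only inbound pass rules matter; rules that already set reply-to are fine.
        if not re.match(r'pass\s+in\b', line) or 'reply-to' in line:
            continue
        on = ON.search(line)
        if on is None:  # no interface at all: matches on every interface, WANs included
            findings.append((line, "no interface (floating-style rule)"))
            continue
        name = on.group(1)
        ifs = macros.get(name[1:], set()) if name.startswith('$') else {name}
        hit = ifs & wan_ifs
        if hit:  # LAN-only groups never reach this branch
            kind = "group rule" if len(ifs) > 1 else "single-interface rule"
            findings.append((line, f"{kind} on WAN {sorted(hit)} without reply-to"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES, {"igb0", "igb1"}):
        print(f"{reason}\n    {rule}")
```

The LAN group rule is not reported, matching the conclusion of the thread that groups remain usable for internal interfaces.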