    Traffic through another wan, 2WAN 1LAN 1VLAN

    NAT
      GDSF @viragomann last edited by

      @viragomann here is the table

      441d2e89-b750-45c3-8e2d-d405d2c5d5cb-image.png

        viragomann @GDSF last edited by

        @gdsf
        Why are there commas in the monitoring IP?
        I don't expect that this can be used.

          GDSF @viragomann last edited by

          @viragomann for some reason google translator put it, but when it left the native language it has dots

            viragomann @GDSF last edited by

            @gdsf
            Google translator modifies a screenshot??

            So the WAN2 gateway is online, but traffic still goes out on WAN1 from VLAN10, even though there is a policy routing rule. Or your outbound NAT doesn't work properly.

            Can you post a screenshot of the outbound NAT page, please?

              GDSF @viragomann last edited by

              @viragomann I made an exit rule like this

              9b7b0f71-7f83-4272-a554-38a8a65e171e-image.png

              So this is the rule

              c25d219a-7e7c-45c9-bd3c-bd29c4f2e9f3-image.png

              And this is my Virtual IP rule

              1c854bc2-7b09-47b2-a239-2582f40ac488-image.png

                viragomann @GDSF last edited by

                @gdsf said in Traffic through another wan, 2WAN 1LAN 1VLAN:

                I made an exit rule like this

                That's the wrong interface. It must be WAN2.

                  GDSF @viragomann last edited by

                  @viragomann I did that, it still didn't work, I have a doubt, does the VIP need to be /29?

                    viragomann @GDSF last edited by

                    @gdsf
                    If you've got a /29 from the ISP you should set a /29 mask, of course.

                    But whether that's really an issue depends on the gateway, whether it accepts packets from this IP.
                    If the gateway responds to pings you can simply try it out in Diagnostics > Ping.
                    You can select the VIP as source and send pings to the gw from it.

                      GDSF @viragomann last edited by GDSF

                      @viragomann Do you know if there's a way to find this out?

                      I tried calling my provider but the service is terrible

                      I got access to the router but I don't know if it's possible to discover the range, but it has the ip, gateway and dns info

                      I did a test on the https://who.is/whois/ site and it said that my range is /8

                        viragomann @GDSF last edited by

                        @gdsf said in Traffic through another wan, 2WAN 1LAN 1VLAN:

                        Do you know if there's a way to find this out?

                        As said, ping with source option. Try the gateway and a public IP like 8.8.8.8.
                        You can capture the packets on WAN2 while pinging to see if pfSense uses the correct source.

                          GDSF @viragomann last edited by GDSF

                          @viragomann

                          00845a5d-2057-4bdc-bd4d-b584489d8f76-image.png

                          seems to have worked

                            viragomann @GDSF last edited by

                            @gdsf
                            No, not this way. You have to state the VIP at source.
                            Your WAN IP is a private one as shown above.

                              GDSF @viragomann last edited by

                              @viragomann

                              b74a0b73-006c-493a-976e-4bc575646d8d-image.png

                              It went wrong, do you know what could cause it?

                                viragomann @GDSF last edited by

                                @gdsf
                                I got the idea, that the ping tool is not an appropriate way to test this. The ping requests might go out to the default gateway.

                                You have to ping from a VLAN10 device. The policy routing rule should direct it out to WAN2 and it should get the VIP as source.
                                So sniff the traffic with packet capture while pinging to investigate if all these work.

                                  GDSF @viragomann last edited by

                                  @viragomann that's the problem, if I could make VLAN10 travel over WAN2 it would already solve the problem

                                    viragomann @GDSF last edited by

                                    @gdsf
                                    The policy routing rule forces all traffic that the rule is applied to out to the WAN2 gateway. There is no way around this.
                                    The screenshot of the rule above shows that it already treated some traffic. But maybe not all from VLAN10.

                                    If you suspect that the rule is circumvented by some packets for whatever reason, check if there are other rules with higher priority applied to VLAN10 traffic. Consider that floating rules and rules on interface groups are probed before ones on the interface tab. So check if you have any.

                                      GDSF @viragomann last edited by

                                      @viragomann I just have an interface group configured in routing for failover, otherwise my firewall rules are any for all

                                        GDSF @viragomann last edited by

                                        @viragomann Does SQUID Proxy intervene in this matter?

                                          viragomann last edited by

                                          @gdsf
                                          Yes. See here: Troubleshooting Multi-WAN

                                          I've read somewhere that there is an option to do the policy routing within squid, but I don't use it, so cannot help here.

                                            GDSF @viragomann last edited by

                                            @viragomann Bruh, I disabled squid and the firewall rules worked normally.

                                            Thank you very much, friend, you helped me. Have a great day!
