Netgate Discussion Forum

    default gateway override route ?

    Routing and Multi WAN
    11 Posts 3 Posters 1.3k Views
    viragomann @rynstack

      @rynstack said in default gateway override route ?:

      we have a single default gateway route but now have set up an alternate 2nd wan/lan for "DMZ" segmented type networks

      You got a 2nd WAN connection with a different gateway and you want to route the upstream traffic of the DMZ out to this new WAN?

    rynstack @viragomann

        @viragomann said in default gateway override route ?:


        You got a 2nd WAN connection with a different gateway and you want to route the upstream traffic of the DMZ out to this new WAN?

        yes, that is correct @viragomann

    johnpoz LAYER 8 Global Moderator @rynstack

    @rynstack this would be a policy route; via a firewall rule you can push traffic out any specific gateway you want.

          https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

          SG-4860 24.11 | Lab VMs 2.8, 24.11

    rynstack @johnpoz
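    The policy route johnpoz points at, written out as the pf rules a pfSense firewall rule with a gateway set compiles to. This is an added example, not from the thread and not pfSense's own generated ruleset; the interface names (igb1/igb2/igb3), the LAN subnet and the WAN2 gateway address are assumptions chosen for illustration, with the DMZ subnet taken from the 10.86.151.1 address mentioned later in the thread.

```pf
# Added example, not from the thread or from pfSense's generated rules:
# the pf equivalent of a pfSense "policy route" firewall rule, written
# out by hand so the rule ordering is visible. Assumed layout:
#   igb1 = LAN  10.86.150.0/24
#   igb2 = DMZ  10.86.151.0/24  (interface address 10.86.151.1)
#   igb3 = WAN2, upstream gateway 203.0.113.1 (the alternate WAN)
DMZ     = "igb2"
WAN2    = "igb3"
DMZ_net = "10.86.151.0/24"
LAN_net = "10.86.150.0/24"
WAN2_GW = "203.0.113.1"

# pf is first-match on "quick" rules, so anything that must NOT follow
# the policy route has to be decided above it. A "to any" rule with a
# gateway set would otherwise send DMZ->LAN and DMZ->firewall traffic
# (e.g. DNS to the DMZ interface address) out WAN2 as well.
pass  in quick on $DMZ inet proto { tcp udp } from $DMZ_net to ($DMZ) port 53 keep state
block in quick on $DMZ inet from $DMZ_net to $LAN_net

# The policy route itself: all remaining DMZ traffic is handed to the
# WAN2 gateway, bypassing the system default route. In the GUI this is
# the DMZ pass rule with Advanced Options > Gateway set to the WAN2 gateway.
pass in quick on $DMZ route-to ($WAN2 $WAN2_GW) inet from $DMZ_net to any keep state

# Replies to connections that arrived on WAN2 must leave via WAN2 too,
# not via the default gateway; pfSense adds reply-to on WAN-side rules
# for exactly this reason.
pass in quick on $WAN2 reply-to ($WAN2 $WAN2_GW) inet proto tcp from any to ($WAN2) port 443 keep state
```

    The two rules above the route-to rule are the part most often forgotten: because the default route is untouched, nothing else stops local-destination traffic from being pushed out the alternate WAN once a gateway is set on a catch-all rule. With the gateway marked down in System > Routing > Gateways, pfSense also omits the route-to from the generated rule unless the gateway's "skip rules when gateway is down" behaviour is changed, so a down gateway silently falls back to the default route.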

            @johnpoz thanks for the note and ref. I did play with that option before when troubleshooting early on, but was still having some problems with it, though I'd like to try it again some more [it was allowing traffic out when viewing the logs, but getting stuck beyond the virtual child interface out to the public for some reason]. Granted, I did make changes while testing afterwards, and still came to the same problem I'm having now, but there may be additional config needed for that to work properly in our setup.
            So technically, policy routing should resolve this issue and no adjustment would be needed to the system default route settings?

            One downside I found after trying that and some other things during testing is that a gateway listed in the routing table is stuck with the gateway IP I want to use pointing at a wrong MAC address [alternate virtual interface], so now I cannot seem to fix it or use that IP as a gateway. The gateway is marked as down, though it's up on the correct physical interface, even after removing and re-adding it from the system gateway list. I'm concerned some stale config has been conflicting with getting this to work properly since the beginning. Any advice on how to manually remove the problem gateway from the routing table without affecting other networks or the entire running system is welcome! Thanks in advance.
            Edit: uploaded image example [screenshot]

            viragomann @rynstack

              @rynstack
              Did you accidentally assign the same subnet to different interfaces by any chance?
              Check out Status > Interfaces.

              rynstack @viragomann

                @viragomann thanks for the check. Here's what I can see currently: this virtual interface for 10.86.151.1 still has the problematic gateway assigned to it, but in the interface config it's not set. I checked the subnets of all interfaces and they are all unique, but the problem gateway IP is listed for 2 interfaces. Bug?
                [screenshots: Status > Interfaces and interface config]

                viragomann @rynstack

                  @rynstack
                  Strange, chiefly as the gateway is outside of the subnet.

                  What does System > Routing > Gateways show?

                  rynstack @viragomann

                    @viragomann the basic default route and the problem GW, which I have removed, re-added, disabled and enabled twice, but no change.
                    [screenshots: System > Routing > Gateways]

                    rynstack @rynstack

                      I just "re-saved" the interface [10.86.151.1] again with no change / no gateway and it fixed itself! [screenshots]

                      rynstack

                        Thanks so much for the help @viragomann and @johnpoz, I seem to have a working route out now with FW rules using policy route!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.