Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Failover Multiple WAN with Multiple LAN

    Scheduled Pinned Locked Moved Routing and Multi WAN
    3 Posts 2 Posters 243 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chpalmerC
      chpalmer
      last edited by

      2.7.2

      I have been running multi LAN and several VPN's coming in for years.. Now that I am trying to add failover multi WAN to the mix I can no longer route between my LAN's and or VPN's..

      I assume that it is because I have added the "gateway group" to my primary LAN gateway..

      Is there a proper way to do multi WAN without losing my routing between my local networks?

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @chpalmer
        last edited by

        @chpalmer
        I guess, you've changed your LAN rules into policy routing rules for whatever reason.
        Basically this is not necessary for routing to a failover group. You can state it in System > Routing > Gateways > Default Gateway instead.

        If you do policy routing to a WAN gateway or failover group, however, you have to care that the rule is only applied to traffic destined to IPs outside of your network.

        Best practice to achieve this is to create an alias for all private network ranges:
        acae3596-54e9-4309-84c8-722cec19fe75-grafik.png
        I called it RFC1918.

        Then use this alias in your policy routing rules as destination in conjunction with "invert match". Then the rule condition matches only to traffic destined to non-private IPs, i.e. to internet traffic.

        Remember that you have to add an additional rule below of this then to allow access to local / private IPs.

        chpalmerC 1 Reply Last reply Reply Quote 1
        • chpalmerC
          chpalmer @viragomann
          last edited by

          @viragomann Thanks!

          I did it the way someone said to on yootoob and we all know how anyone making videos there is always correct.. 🤣

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.