Correct gateway is not used

uggiz

Hello,

I have a setup with two WAN`S, one slow (VSAT) and one faster (Starlink).

I have setup a Failover Gateway group, and this is working fine. (Failing from fast to slow)

But I want to force one of the LAN`s to use only the slow WAN, how can i do this? I have tried to make firewall rules and setting the slow WAN as the default gateway there, but the System/Routing/Gateways - Default Gateway IPv4 seems to override this.

Any tips?

Bob.Dig

@uggiz said in Correct gateway is not used:

I have tried to make firewall rules and setting the slow WAN as the default gateway there,

Show it.

viragomann

@uggiz
Yes, policy routing is the correct way to route traffic from certain devices to a specific gateway.
However, you have to ensure that the rule is applied before others, which allow public access over the default gateway.
So maybe you have to correct the rule order.

uggiz

@viragomann

This rule is applied on top now for the test. But the traffic still goes to the wrong WAN

viragomann

@uggiz
Possibly there is still an existing state for the connection. Try to flush the states.

Also remember, that floating rules and interface group rules have precedence.

uggiz

@viragomann
Tried flushing the states, and there are no floating rules or interface groups.
When i change this to the VSAT (WAN_DHCP) the traffic flows correctly:

Do I need to set this to none, and add firewall rules with gateway to the different interfaces?

viragomann

@uggiz
No, this is the default gateway setting and is needed by pfSense for proper routing.
This is used for all traffic apart from policy routing.

If your rule doesn't work, I'd assume that it isn't applied due to not matching conditions.
However, your rule shows states and traffic:

So it obviously matched some traffic already. And I'd expect that the stated gateway was used for it then.
Why do you think, that it doesn't work?

uggiz

@viragomann

When I do a traceroute on the Pfsense it shows the wrong WAN interface ip. If i switch the default gateway here and try again, the correct WAN interface ip is show on the traceroute.

viragomann

@uggiz said in Correct gateway is not used:

When I do a traceroute on the Pfsense it shows the wrong WAN interface ip.

pfSense itself doesn't obey the policy routing rule. Only the devices in the source alias are directed to the gateway in question.

Gblenn

@uggiz A simple test would be to open a browser on a PC that is on the CREWVSAT73 subnet and check "whatismyip.com"...