Netgate Discussion Forum

[2 wan] How to force a specific lan host to use always one gateway only.

  • M
    MaxFontana
    last edited by Sep 3, 2010, 11:47 AM

    Hi there. Just installed pfSense with a standard configuration: 1 LAN, 2 WAN (each with 8 static public IPs). What I need is a simple failover (load balancing not required at the moment) solution and after a few tests I can say it works flawlessly.
    Here is now my question: I need my mail server to be the only authorized host to generate traffic through port 25 and in addition it has to use the wan1's gateway, never the wan2's gateway. How do I implement this?
    I tried with several rules but after simulating a failure on the primary WAN connection, I can still see mails going out through the secondary gateway.
    I thought something like this would have worked but I'm wrong :-(


    firewall rules
    Lan

    (block) TCP/UDP  ! 10.0.0.1  *  *  25 (SMTP)  WAN GATEWAY

    many thanks in advance.
    Max
    Italy

    • K
      kpa
      last edited by Sep 3, 2010, 12:19 PM

      You need a second rule that allows the outgoing connection from the mail server and has the default selected as gateway. The rule needs to be before any other rules.

      • M
        MaxFontana
        last edited by Sep 3, 2010, 1:06 PM

        @kpa:

        You need a second rule that allows the outgoing connection from the mail server and has the default selected as gateway. The rule needs to be before any other rules.

        Assuming that I want to use the wan2's gateway, do you mean something like this?


        firewall rules
        Lan
        (allow)  tcp      10.0.0.1    *  *  25 (SMTP)  wan2 gateway
        (block)  TCP/UDP  ! 10.0.0.1  *  *  25 (SMTP)  (failover pool)

        thanks
        Max

        • K
          kpa
          last edited by Sep 3, 2010, 5:30 PM

          Yes, what is needed is a rule that matches the traffic before any other rules and has the desired gateway selected.

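Added example, not part of the thread and not pfSense code: a small first-match model of the LAN rules discussed above, showing why the single negated block rule leaves the mail server on the failover pool and why a pass rule placed first pins it. The default LAN pass rule, the pool order (wan1 primary, wan2 backup) and the host 10.0.0.50 are assumptions, and the model assumes a rule with a single gateway selected never falls back to another gateway; what the firewall does when that gateway is down depends on its version and settings.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str        # "pass" or "block"
    protos: tuple      # e.g. ("tcp",) or ("tcp", "udp")
    src: str           # source IP, or "*" for any
    negate_src: bool   # True models the "!" in front of the source
    dport: object      # destination port, or "*" for any
    gateway: str       # "wan1", "wan2", "failover"; unused for block rules

def resolve_gateway(name, up):
    """The failover pool picks the first live WAN (assumed order: wan1, wan2)."""
    if name != "failover":
        return name    # assumption: a single selected gateway is never swapped
    return next((gw for gw in ("wan1", "wan2") if up[gw]), None)

def evaluate(rules, src, proto, dport, up):
    """First matching rule wins, top to bottom; no match means default deny."""
    for r in rules:
        src_hit = r.src == "*" or ((src == r.src) != r.negate_src)
        if proto in r.protos and src_hit and r.dport in ("*", dport):
            if r.action == "block":
                return ("block", None)
            return ("pass", resolve_gateway(r.gateway, up))
    return ("block", None)

MAIL = "10.0.0.1"
# Assumed default LAN rule: pass everything through the failover pool.
DEFAULT_LAN = Rule("pass", ("tcp", "udp"), "*", False, "*", "failover")
# The block rule from the thread: SMTP from any host except the mail server.
BLOCK_OTHERS = Rule("block", ("tcp", "udp"), MAIL, True, 25, "")

# First post: the negated block rule never matches the mail server itself,
# so its SMTP traffic falls through to the default rule and the pool.
ORIGINAL = [BLOCK_OTHERS, DEFAULT_LAN]
# Second ruleset from the thread: the pass rule with a fixed gateway comes first.
FIXED = [Rule("pass", ("tcp",), MAIL, False, 25, "wan2"), BLOCK_OTHERS, DEFAULT_LAN]

if __name__ == "__main__":
    for up in ({"wan1": True, "wan2": True}, {"wan1": False, "wan2": True}):
        for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
            print(name, up, evaluate(rules, MAIL, "tcp", 25, up))
```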
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.