[2 wan] How to force a specific lan host to use always one gateway only.

MaxFontana · Sep 3, 2010, 11:47 AM

Hi there. Just installed pfsense with a standard configuration: 1 LAN, 2 WAN (each with 8 static public ip's). What I need is a simple failover (load balancing not required at the moment) solution and after a few tests I can say it works flawlessly.
Here is now my question: I need my mail server to be the only authorized host to generate traffic through port 25 and in addition it has to use the wan1's gateway, never the wan2's gateway. How do I implement this?
I tried with several rules but after simulating a failure on primary wan connection, I can still see mails going out through the secondary gateway.
I thought something like this would have worked but I'm wrong :-(

firewall rules
Lan

(block) TCP/UDP ! 10.0.0.1 * * 25 (SMTP) WAN GATEWAY

many thanks in advance.
Max
Italy

kpa · Sep 3, 2010, 12:19 PM

You need a second rule that allows the outgoing connection from the mail server and has the default selected as gateway, the rule needs to be before any other rules.

MaxFontana · Sep 3, 2010, 1:06 PM

@kpa:

You need a second rule that allows the outgoing connection from the mail server and has the default selected as gateway, the rule needs to be before any other rules.

Assuming that I want to use the wan2's gateway, do you mean something like this?

firewall rules
Lan
(allow) tcp 10.0.0.1 * * 25 (SMTP) wan2 gateway
(block) TCP/UDP ! 10.0.0.1 * * 25 (SMTP) (failover pool)

thanks
Max

kpa · Sep 3, 2010, 5:30 PM

Yes, what is needed is a rule that matches the traffic before any other rules and has the desired gateway selected.