PfSense dummy needs direction



  • I built the box and have used it successfully for over 6 months now, but it is time for me to learn more.

    What I would like to do is add another WAN and use it solely for each way traffic to and from a single address.

    At the same time I wish to prevent the other WAN access to said address.

    I bought the book but have struggled to understand a large amount of what I am reading... Is there a "for dummies" version? Or maybe a kind soul who would point me in the right direction?



  • I need more details on what you already have and the nature of the path to this single address.

    @OldChap:

    What I would like to do is add another WAN and use it solely for each way traffic to and from a single address.

    By "another WAN" do you mean another link to the public internet? Or do you mean a link to another system?

    @OldChap:

    At the same time I wish to prevent the other WAN access to said address.

    May not be necessary to do anything. If you have a single public IP address so all the access attempts from the internet go to the one system (a fairly common configuration) or are blocked (also fairly common I suspect) then you already have what you are asking for.



  • What you want is policy-based routing, which is handled in pfSense by firewall rules. On the LAN interface, create a firewall rule with the destination IP being set to the address you want to specially direct traffic to and the gateway set to the second WAN address. In this way you can specifically tailor the firewall rule to match specific types of traffic (only TCP 80, or all network traffic except DNS, etc.). Remember that firewall rules are evaluated on a first-match-wins basis, so you will want this rule to be above any other general rules (i.e., above the default LAN allow rule).
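
A simplified model of the first-match evaluation described in the post above, as an added example that is not part of the original post and is not pfSense code. The `Rule` class, the gateway names `WAN1_GW`/`WAN2_GW` and the address 203.0.113.10 are constructed for illustration; the model assumes unmatched traffic is blocked and that a pass rule without a gateway uses the default gateway.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    descr: str
    action: str                     # "pass" or "block"
    dst: str                        # CIDR destination; "0.0.0.0/0" means any
    proto: str = "any"
    dport: Optional[int] = None     # None means any port
    gateway: Optional[str] = None   # None means use the default gateway

    @property
    def net(self):
        return ipaddress.ip_network(self.dst)

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (other.net.subnet_of(self.net)
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))

def evaluate(rules, dst_ip, proto, dport, default_gw="WAN1_GW"):
    """First match wins: return (action, gateway) chosen for one LAN packet."""
    packet = Rule("packet", "pass", dst_ip + "/32", proto, dport)
    for rule in rules:
        if rule.covers(packet):
            gw = (rule.gateway or default_gw) if rule.action == "pass" else None
            return rule.action, gw
    return "block", None            # nothing matched: default deny

def shadowed(rules):
    """Descriptions of rules that never match because an earlier rule covers them."""
    return [r.descr for i, r in enumerate(rules)
            if any(e.covers(r) for e in rules[:i])]

# Constructed sample rules; 203.0.113.10 is a documentation address.
POLICY = Rule("send target via WAN2", "pass", "203.0.113.10/32", gateway="WAN2_GW")
ALLOW_ALL = Rule("default LAN allow", "pass", "0.0.0.0/0")
WEB_ONLY = Rule("send target web via WAN2", "pass", "203.0.113.10/32",
                "tcp", 80, "WAN2_GW")

GOOD_ORDER = [POLICY, ALLOW_ALL]    # policy rule above the general rule
BAD_ORDER = [ALLOW_ALL, POLICY]     # policy rule is never reached
```

With `[WEB_ONLY, ALLOW_ALL]`, only TCP 80 to the target leaves via WAN2; other traffic to the same address falls through to the general rule and uses the default gateway, which matters if the first WAN must never carry traffic to that address.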



  • wallabybob... Yes, I mean a second NIC to a second internet connection which would be sending/receiving to one IP address or group of addresses only.

    submicron... Thank you, I will study that section more closely.



  • For some configurations a static route would be an easy solution. submicron's suggestion seems better suited to your environment.

