Multi WAN and Multi LAN issue.



  • I have 5 LAN Subnets and I have 2 WAN Connections.  I am using pfSense 2.0 Release.  I have set up the group to fail over to our second WAN Connection.  I have also set up the Rules to reflect this Gateway.  However, I cannot communicate between LAN Subnets.  If I change the gateway in the rules back to the default, it works just fine.  Am I missing something?  Any help would be greatly appreciated.  I would like to be able to fail over my outbound traffic to my second WAN on all LAN Subnets.



  • pfSense is doing what you told 'him' to do. Route everything allowed to fail-over.

    To fix your problem, create a rule before the Gw one allowing traffic between lan interfaces with default Gw.



  • @marcelloc:

    pfSense is doing what you told 'him' to do. Route everything allowed to fail-over.

    To fix your problem, create a rule before the Gw one allowing traffic between lan interfaces with default Gw.

    When I do that, now the Failover doesn't work.  Doesn't your Rule suggestion completely override the GW Failover one?

    Thanks For your help.



  • On each lan interface:
    First rule -> permit lan_x subnet to lan subnets(alias) with default Gw
    Second rule -> permit lan_x subnet to internet failover Gw

    Did you got it?



  • @marcelloc:

    On each lan interface:
    First rule -> permit lan_x subnet to lan subnets(alias) with default Gw
    Second rule -> permit lan_x subnet to internet failover Gw

    Did you got it?

    Thank you.  I misread your previous post and put LAN to Any default GW.  I changed that to the other LAN2 Subnet and that worked great.
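
Added example, not part of any post in this thread: a small Python model of first-match rule evaluation on one LAN interface, showing why the single failover rule breaks inter-LAN traffic, why a LAN-to-any default-gateway rule placed first disables failover, and why the suggested order works. The subnets, addresses and the gateway group name WAN_FAILOVER are constructed for illustration.

```python
import ipaddress

# Constructed addressing; the thread does not give the real subnets.
LAN1 = ipaddress.ip_network("192.168.1.0/24")
# Stand-in for the "lan subnets" alias covering the 5 LAN subnets.
LAN_NETS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(1, 6)]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

def rule(src, dsts, gateway):
    """gateway=None means 'default': leave the packet to the routing table."""
    return {"src": src, "dsts": dsts, "gateway": gateway}

def decide(rules, src, dst):
    """Return where a packet entering the interface is sent; first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and any(d in n for n in r["dsts"]):
            return r["gateway"] or "routing table"
    return "blocked"  # no rule matched: default deny

# 1. Original setup: one rule, everything forced to the failover group.
only_failover = [rule(LAN1, ANY, "WAN_FAILOVER")]
# 2. The misreading: LAN to any with default gateway placed first.
lan_any_first = [rule(LAN1, ANY, None), rule(LAN1, ANY, "WAN_FAILOVER")]
# 3. Suggested order: LAN-to-LAN alias with default gateway, then failover.
suggested = [rule(LAN1, LAN_NETS, None), rule(LAN1, ANY, "WAN_FAILOVER")]

def report():
    """Evaluate one inter-LAN and one internet destination per rule set."""
    hosts = {"inter-LAN": "192.168.2.20", "internet": "203.0.113.10"}
    sets = [("only_failover", only_failover),
            ("lan_any_first", lan_any_first),
            ("suggested", suggested)]
    return {name: {k: decide(rs, "192.168.1.10", v) for k, v in hosts.items()}
            for name, rs in sets}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```
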



  • @marcelloc:

    On each lan interface:
    First rule -> permit lan_x subnet to lan subnets(alias) with default Gw
    Second rule -> permit lan_x subnet to internet failover Gw

    Did you got it?

    Hi marcelloc,

    I am sorry but I am having the same gateway/rule issue but "I don't got it".

    Configuration;
    2.0-Rel
    5 interfaces bridged as one subnet
    3 ISP WANs grouped at tier one level

    System:Advanced:Firewall and NAT;
    Disable reply-to on WAN rules = Disabled (checked)

    System:Advanced:System Tunables;
    net.link.bridge.pfil_onlyip  = 0
    net.link.bridge.pfil_member = 0
    net.link.bridge.pfil_bridge = 1

    System:Gateways:EditGateway
    Monitor: verified
    Weight: set and verified
    Latency: set and verified
    Loss: set and verified

    All the hardware is running correctly and pfSense behaves as advertised.

    Depending upon which Gateway is used in the rules (DG or Group), either the subnet OR the gateway becomes unreachable.

    I simply need to group 5 interfaces into one subnet and use a "Group" gateway to load balance across the WANs.

    Can you help with some rule ideas?  I have tried everything.

    Thank you



  • The basic idea is to create a rule to permit traffic between interfaces without any gateway.

    Test this first and then create rules that force a gateway.

