Netgate Discussion Forum

    Set a specific IP address to a specific WAN

    • darkknight

      Hi everyone!

      As my profile says, I'm a newbie, even on pfSense  ;D
      I'd like to set an IP to go out to a specific WAN. I have two links and some IP addresses will go out to a dedicated link.

      I can imagine that's easy to do, but I had some trouble configuring the firewall and I can't mess it up.

      Thanks, sorry for the English.

      • stephenw10 Netgate Administrator

        It's quite easy. It's referred to as policy based routing.

        Make a firewall rule on the LAN interface where the specific IP resides.
        Set the rule to, source: The IP you want to route and then set the gateway to whichever WAN you want to use.

        See attached example from my box. Here I route all traffic from clients in my Wifi2 subnet with destination 'somewhere on the internet' via WAN2.

        Steve

        wifi2rules.jpg

        • darkknight

          Hi, thanks for replying.

          So, it didn't work. And I only get internet access if one of my gateways is set as the default gateway.

          • heper

            show us some screenshots of them firewall rules

            • marvosa

              Under Firewall -> Rules -> LAN tab:

              The default rules should look like:

              Next to your default allow rule:

              • click on the "+" sign that says "add new rule based on this one"

              • change source type from "LAN subnet" to "Single host or alias" then enter the host IP in the address bar

              • in the "Advanced features" section, next to "Gateway", click on the "Advanced" button, select a WAN link, then click save

              • move the new rule above the default allow rule

              • click "Apply changes"

              and you will end up like this:

              In this example, 192.168.0.10 will go out WAN2 while everything else goes out the default gateway.

              • stephenw10 Netgate Administrator

                Looks like I failed to mention that the policy based rule must go above the default rule in order to catch packets first.

                Steve
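
As an added illustration of the ordering point made in the last two replies (this is not code from the thread or from pfSense), the Python sketch below models a LAN rule list evaluated top-down with the first match winning, and flags policy rules that an earlier rule shadows. The 192.168.0.0/24 LAN subnet, the rule descriptions and the function names are assumptions; only source addresses are modelled, with every rule treated as "pass to any".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    descr: str
    source: str              # CIDR; a single host is written as a /32
    gateway: Optional[str]   # None = no gateway set, follow the default gateway

    def matches(self, src_ip: str) -> bool:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)


def egress_gateway(rules, src_ip):
    """Walk the list top-down; the first matching rule decides the gateway."""
    for rule in rules:
        if rule.matches(src_ip):
            return rule.gateway or "default"
    return None  # no pass rule matched, so the traffic is not passed


def shadowed_rules(rules):
    """Descriptions of rules that can never match because an earlier rule
    already covers their entire source range."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        if any(net.subnet_of(ipaddress.ip_network(r.source)) for r in rules[:i]):
            shadowed.append(rule.descr)
    return shadowed


# Constructed sample rules; the LAN subnet 192.168.0.0/24 is an assumption.
DEFAULT_ALLOW = Rule("Default allow LAN to any", "192.168.0.0/24", None)
POLICY = Rule("192.168.0.10 via WAN2", "192.168.0.10/32", "WAN2")

WRONG_ORDER = [DEFAULT_ALLOW, POLICY]  # policy rule left below the default rule
RIGHT_ORDER = [POLICY, DEFAULT_ALLOW]  # policy rule moved above the default rule

if __name__ == "__main__":
    for name, rules in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name,
              "| .10 ->", egress_gateway(rules, "192.168.0.10"),
              "| .20 ->", egress_gateway(rules, "192.168.0.20"),
              "| shadowed:", shadowed_rules(rules))
```

With the policy rule below the default allow rule, 192.168.0.10 still leaves via the default gateway and the policy rule is reported as shadowed.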
