<![CDATA[Policy based dual router]]>My LAN has two WAN's each coming in via a different router, one pfSense and the other a Vigor job. Currently the two routers are unaware of each other, each being the default route for some subset of the LAN's hosts. Typically, hosts using DHCP will see the pfSense router/WAN as their default route, and other hosts using a static assignment will see the Vigor as default route.

It works well, but what I want to do now is to have hosts using pfSense as the default route to send some traffic out of the Vigor gateway. It seems simple enough to me: a firewall rule matching traffic from host x to address y gets redirected via the Vigor, but I can't set this in in pfSense because it seems only to want to use a WAN/OPT port as a gateway and won't allow some other LAN address to be used. Is that correct, or am I missing some (possibly well hidden) option?

]]>https://forum.netgate.com/topic/5152/policy-based-dual-routerRSS for NodeFri, 17 Apr 2026 06:58:51 GMTTue, 10 Jul 2007 21:24:28 GMT60<![CDATA[Reply to Policy based dual router on Thu, 12 Jul 2007 00:07:17 GMT]]>I'm pushing to have it changed in a future release to allow policy routing to any address you desire, but no ETA on that. Possibly for 1.3, maybe not until after that.

]]>https://forum.netgate.com/post/157426https://forum.netgate.com/post/157426Thu, 12 Jul 2007 00:07:17 GMT<![CDATA[Reply to Policy based dual router on Wed, 11 Jul 2007 19:09:15 GMT]]>If an interface has a gateway then you can route traffic out of it.
If the interface has no gateway then its just a LAN interface.

If you want pfSense to do the routing, and you want it to sometimes send traffic through the vigor then you need to conect the two directly.

]]>https://forum.netgate.com/post/157407https://forum.netgate.com/post/157407Wed, 11 Jul 2007 19:09:15 GMT<![CDATA[Reply to Policy based dual router on Wed, 11 Jul 2007 11:16:24 GMT]]>OK, thanks. I don't really want to chain either router off the other, because that defeats the idea of having them separate :)

Is this policy thing likely to change or is it pretty much cast in stone?

]]>https://forum.netgate.com/post/157391https://forum.netgate.com/post/157391Wed, 11 Jul 2007 11:16:24 GMT<![CDATA[Reply to Policy based dual router on Wed, 11 Jul 2007 03:34:08 GMT]]>Yeah, that's correct. Currently that's a limitation of our policy routing.

What I would suggest is putting the Vigor gateway off of a dedicated OPT interface, and use pfsense for the gateway for everything, static or dynamic. Then you can use policy routing to direct traffic as you wish.

]]>https://forum.netgate.com/post/157383https://forum.netgate.com/post/157383Wed, 11 Jul 2007 03:34:08 GMT