Netgate Discussion Forum

Policy routing (set clients use specific WAN) issues

    archy
    last edited by Apr 22, 2013, 8:25 PM

    Use advanced NAT, you may find the answer.

      costasppc
      last edited by Apr 22, 2013, 8:51 PM

      Thank you,

      You mean I should create outbound NAT rules for every alias I use in the LAN > WAN rules?

      Best regards

      Kostas

        tim.mcmanus
        last edited by Apr 23, 2013, 11:30 PM

        I used a firewall rule.  See enclosed screen shot.

        I have one computer that is on my LAN that I want to go out my WAN2 connection.  Because I am lazy (proud of it too), I didn't bother moving the 10.0.1.240 server to the 10.0.2.2/24 network.  Instead, I created a firewall rule that moves all of the traffic coming from 10.0.1.240 out of the WAN2 gateway.  Below that I have a LAN rule to move everything out the WAN gateway.

        ![Screen Shot 2013-04-23 at 7.34.33 PM.png](/public/imported_attachments/1/Screen Shot 2013-04-23 at 7.34.33 PM.png)

          costasppc
          last edited by Apr 24, 2013, 12:47 PM

          I have done the same thing (see image).

          However, when I do a traceroute from these machines, I see the main WAN as the next hop after pfSense.

          Can you please check if this also happens to you?

          Best regards

          Kostas

          LAN2WAN_rule.png

            tim.mcmanus
            last edited by Apr 24, 2013, 2:14 PM

            I'm going to assume you're using VLANs on your WAN connection because of the way you have them tagged.  You might have a VLAN issue that's not routing the packets to the correct gateway.

            The way I check mine is to go to the URL checkip.dyndns.org and see which IP is being displayed.

              costasppc
              last edited by Apr 24, 2013, 3:16 PM

              Thank you,

              VLANs are working fine. When I use a WAN IP check tool, like yours or pfsense.org/ip.php, it shows the correct WAN IP the client should follow. The problem is in traceroute.

              Best regards

              Kostas

                dhatz
                last edited by Apr 24, 2013, 4:42 PM

                Well, since in the policy-routing rules you've posted in Reply #4 above you're explicitly specifying the TCP protocol, whereas traceroute uses ICMP, it all makes perfect sense.

                  costasppc
                  last edited by Apr 24, 2013, 5:52 PM

                  Thank you,

                  Shouldn't it show the next hop of the preferred ISP?

                  Best regards

                  Kostas

                    tim.mcmanus
                    last edited by Apr 24, 2013, 5:59 PM

                    Look at the screen shot I attached earlier and how there is an "*" in the protocol column.  That means anything from my 10.0.1.240 goes out the gateway.

                    However, you are only sending TCP out of your gateways.  Traceroute does not always use TCP packets.  Since this is the case, the traceroute will only go out the default gateway since it's not using TCP.

                    You need to change the protocol from "TCP" to "Any" or "All" so all of your network traffic goes out that gateway.  That's why you're not seeing the correct information in your traceroute.  Make that change and then traceroute again.  It'll work properly.

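The behaviour worked out in this thread, as an added example that is not part of any poster's message and is not pfSense code: a simplified first-match model of the LAN rules, showing why a TCP-only policy rule sends an HTTP IP check out WAN2 while traceroute probes (UDP or ICMP, depending on the implementation) fall through to the default gateway. The rule sets are constructed from the address and gateway names mentioned above (10.0.1.240, WAN, WAN2); `Rule`, `pick_gateway` and `compare` are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp", "udp", "icmp" or "any" ("*" in the rule list)
    source: str   # CIDR the packet's source address must fall in
    gateway: str  # gateway that matching traffic is sent out of


def pick_gateway(rules, src, proto):
    """Return the gateway of the first rule that matches, evaluated top-down."""
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue  # protocol does not match, try the next rule
        if ip_address(src) in ip_network(rule.source):
            return rule.gateway
    return None  # nothing matched


# Constructed rule sets (assumption: a catch-all LAN rule sits below the policy rule).
DEFAULT_LAN = Rule("any", "10.0.1.0/24", "WAN")
TCP_ONLY = [Rule("tcp", "10.0.1.240/32", "WAN2"), DEFAULT_LAN]   # as first configured
ANY_PROTO = [Rule("any", "10.0.1.240/32", "WAN2"), DEFAULT_LAN]  # after the fix

# Constructed probes: the web IP check plus the two common traceroute probe types.
PROBES = {
    "http ip check": "tcp",
    "traceroute (udp)": "udp",
    "traceroute (icmp)": "icmp",
}


def compare(src="10.0.1.240"):
    """Map each probe to (gateway with TCP-only rule, gateway with any-protocol rule)."""
    return {
        name: (pick_gateway(TCP_ONLY, src, proto), pick_gateway(ANY_PROTO, src, proto))
        for name, proto in PROBES.items()
    }


if __name__ == "__main__":
    for name, (tcp_only, any_proto) in compare().items():
        print(f"{name:18} tcp-only rule -> {tcp_only:5} any-protocol rule -> {any_proto}")
```
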
                      costasppc
                      last edited by Apr 24, 2013, 6:28 PM

                      You are absolutely right (hat off-bow).

                      I will change it to *.

                      Best regards

                      Kostas
