    Route traffic from specific IP addresses to specific wan

    Routing and Multi WAN
      molesza last edited by

      I am getting a second WAN connection installed on our network. There are clients in the 192.168.1.100 to 199 range that I want to have all traffic go over the existing DSL connection. The second DSL connection must only be used by IP addresses that I have assigned outside of the DHCP pool mentioned above. On top of that, these specific IP addresses must be able to use the old line too. In a perfect world, connections on the specified IP addresses will go out on the second line and borrow bandwidth from the existing WAN connection if required. Possible?

        josekym last edited by

        Possible.  Use gateway groups and policy based routing.

        For the PCs that need to use both DSL connections, make a load-balanced gateway group.  For the other PCs, just make a fail-over gateway group with one DSL in Tier1 and the other DSL in Tier2.

          molesza last edited by

          Fail over trick is a great idea! Thanks.  I will try that when the line is installed and report back.

            kud last edited by

            I do not mean to hijack your question, but I am trying to do somewhat of the same thing. The difference being I just need 1 computer to connect to the internet using the other DSL line. Really thought it would just be as easy as creating a rule to forward outbound traffic to the second WAN. This does not work. So the suggested method above is the route to take?

            Thanks,
            Kud

              jimp Rebel Alliance Developer Netgate last edited by

              All that you need is a rule above the default catch-all rule to direct their traffic to another gateway (or a gateway group that does failover).

              The rules match from the top down and the first match wins. If the rule they match sends their traffic out another gateway, it will go that way.

                kelsen last edited by

                If I put a rule directing just the email port to the failover gateway, it should work? I'm questioning this because I did it and the email has stopped working; the states table shows CLOSED:SYN_SENT.

                Thanks!

                  jimp Rebel Alliance Developer Netgate last edited by

                  Yes, it should work for anything you can match with a firewall rule. Some ISPs block outbound SMTP on port 25 though. If you have only mail clients, not a mail server, make sure that your mail server and clients are set to use tcp/587 for authenticated submission.

                  CLOSED:SYN_SENT means that one side sent a SYN packet to establish a connection, but the other side did not respond (could be blocked, ignored, or otherwise discarded/misrouted).

                    kelsen last edited by

                    Thank you for your explanation @jimp. I questioned this because, as I said, it was working and then after changing the rule to pass through the failover gateway it stopped working. Perhaps something was misconfigured; as I don't have this scenario anymore, I will try later.
                    Someone said here in this forum to put a rule on top allowing any to any (port, src and dst) passing through the failover gateway. Will this not allow any traffic, or will it just route the traffic?

                    Thank you again!

                      cmb last edited by

                      That will pass and route the traffic. If the WAN you're sending it out of works in general (change the rule to HTTP for instance and try), but SMTP doesn't work, then I'd guess that provider blocks SMTP (standard on residential class connectivity).

                        kelsen last edited by

                        Alright, thank you guys!

                        1 Reply Last reply Reply Quote 0
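
The top-down, first-match evaluation and the tiered gateway groups discussed in this thread, as an added Python model that is not part of any post and is not pfSense code. The gateway and group names, the host 192.168.1.50 and the rule set are constructed for illustration.

```python
# Simplified model of first-match policy routing with tiered gateway groups.
# All names and addresses below are constructed, not taken from a real config.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Gateway groups: gateway name -> tier. The lowest tier with a live member
# wins; several live members in that tier share the load.
GROUPS = {
    "Balance":     {"WAN1_DSL": 1, "WAN2_DSL": 1},   # load balancing
    "WAN2_then_1": {"WAN2_DSL": 1, "WAN1_DSL": 2},   # failover
}

@dataclass
class Rule:
    src: str                        # source network in CIDR form
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port
    gateway: Optional[str] = None   # group or gateway; None = default route

def egress(group, up):
    """Return the live gateways a group (or single gateway) would use."""
    members = GROUPS.get(group, {group: 1})
    live = {gw: tier for gw, tier in members.items() if gw in up}
    if not live:
        return []
    best = min(live.values())
    return sorted(gw for gw, tier in live.items() if tier == best)

def route(rules, src, proto, dport, up, default="WAN1_DSL"):
    """Evaluate rules top down; the first match decides the gateway."""
    for n, r in enumerate(rules, 1):
        if ip_address(src) not in ip_network(r.src):
            continue
        if r.proto not in (None, proto) or r.dport not in (None, dport):
            continue
        return n, (egress(r.gateway, up) if r.gateway else [default])
    return None, []   # nothing matched: traffic is not passed

LAN_RULES = [
    Rule("192.168.1.50/32", "tcp", 25, "WAN2_then_1"),  # one host, SMTP only
    Rule("192.168.1.50/32", gateway="Balance"),          # rest of that host
    Rule("192.168.1.0/24"),                              # default catch-all
]
```

Reversing `LAN_RULES` so the catch-all comes first sends the host's traffic out the default gateway, which is why the policy rule has to sit above it.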