Route traffic based on VLAN
I would like to set an outbound LAN rule to direct traffic with a VLAN tag of 10 over one gateway, and untagged traffic over another.
Is this possible, please?
The rules work at layer 3, based on IP addresses. The traffic in VLAN10 should be in some subnet (e.g. 192.168.10.0/24); you would put a rule on the VLAN10 interface for traffic with source IP 192.168.10.0/24 and select the gateway you want (in the advanced rule section).
The untagged VLAN would have another interface and subnet, and you add another rule for that.
I think that others will recommend not mixing tagged and untagged on your VLAN trunk to pfSense - but I will leave that for others to comment on.
You could try to use a bridge consisting of your RAW LAN interface, and a VLAN interface as your "LAN" connection. Then in the "LAN" firewall rules select the appropriate sub "interface" and try assigning the traffic to a gateway.
This would work similarly to the way you configure pfSense when you want it to function as a wireless router. I'm anxious to hear if this works!
Thanks all, will give it a go when the project goes ahead.