Netgate Discussion Forum
    Forcing traffic from an IP address to leave via a specific gateway

    Category: Firewalling (5 Posts, 2 Posters, 1.7k Views)
    bb

      Hi,

      I'm trying to force all traffic from a specific machine to leave via a specific gateway, but I can't seem to get it to work correctly.

      I have set up two rules for testing purposes.

      One is that any TCP traffic to a certain IP address (8.8.8.8) has to go through Gateway2; the other is that all traffic from the IP address of the machine should go through Gateway2 (rules set up under Firewall -> Rules -> LAN). These rules are the first two rules after the default anti-lockout rule.

      If I go to whatismyip.com (or equivalent) it does report the correct public IP address for Gateway2. However, a tracert to 8.8.8.8 seems to leave via Gateway1.

      Is this a peculiarity of tracert or am I doing something wrong?

      Many thanks in advance
      bb

      phil.davis

        Are you also using 8.8.8.8 as a DNS Server, or a gateway monitor IP or?
        Those things might make a route themselves to 8.8.8.8.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        bb

          @phil.davis:

          Are you also using 8.8.8.8 as a DNS Server, or a gateway monitor IP or?
          Those things might make a route themselves to 8.8.8.8.

          Hi,

          Thanks for taking the time to try and help.

          I changed the address to that of a website (184.154.165.130) and the behavior is still the same.

          Can you think of anything else I can try to diagnose the problem or remedy whatever idiocy I have done?

          Many thanks
          bb

          phil.davis

            One is that any TCP traffic to a certain IP address (8.8.8.8) has to go through Gateway2

            I should have read more carefully. traceroute (and ping) are ICMP, not TCP or UDP. A rule for TCP will not match traceroute packets.
            Make your rule for all protocols, or make another rule for the ICMP protocol.


            bb
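An added example, not code from this thread or from pfSense: a small Python model of first-match policy-routing rule evaluation that shows why a TCP-only rule sends traceroute's ICMP probes out the default gateway while an any-protocol rule catches them. The gateway names come from the thread; the 192.168.1.50 client address and the assumption that both original rules were TCP-only are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of first-match (quick) LAN rule evaluation as pfSense
# applies it; example only, not pfSense code.
@dataclass(frozen=True)
class Rule:
    proto: str      # "tcp", "udp", "icmp" or "any"
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    gateway: str    # policy-routing gateway, or "default" for the routing table

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str

def _in(addr: str, net: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net)

def select_gateway(rules: list[Rule], pkt: Packet) -> str:
    """Gateway of the first matching rule; unmatched traffic takes the default route."""
    for r in rules:
        if r.proto in ("any", pkt.proto) and _in(pkt.src, r.src) and _in(pkt.dst, r.dst):
            return r.gateway
    return "default"

CLIENT = "192.168.1.50"   # assumed LAN host being policy-routed (constructed)

# The poster's original rules, modelled as TCP-only (assumption): a rule for
# 8.8.8.8, then a rule for everything from the client.
ORIGINAL = [
    Rule("tcp", "any", "8.8.8.8/32", "Gateway2"),
    Rule("tcp", CLIENT + "/32", "any", "Gateway2"),
]
# Corrected per the reply: match every protocol so ICMP probes are covered too.
CORRECTED = [
    Rule("any", "any", "8.8.8.8/32", "Gateway2"),
    Rule("any", CLIENT + "/32", "any", "Gateway2"),
]

HTTPS = Packet("tcp", CLIENT, "8.8.8.8")     # a browser check like whatismyip.com
TRACERT = Packet("icmp", CLIENT, "8.8.8.8")  # Windows tracert sends ICMP echo requests

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(f"{name}: https -> {select_gateway(rules, HTTPS)}, "
              f"tracert -> {select_gateway(rules, TRACERT)}")
```

With the original rules, TCP leaves via Gateway2 but the ICMP probe falls through to the default route, which is exactly the split the poster observed.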

              @phil.davis:

              One is that any TCP traffic to a certain IP address (8.8.8.8) has to go through Gateway2

              I should have read more carefully. traceroute (and ping) are ICMP, not TCP or UDP. A rule for TCP will not match traceroute packets.
              Make your rule for all protocols, or make another rule for the ICMP protocol.

              So it was idiocy on my part!

              Thank you so much for clearing that up.

              Kindest regards
              bb

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.