Setting a gateway in a transparent setup

  • I’ve got a pfSense box running as a transparent bridge; there’s the LAN interface, connecting to the internal network and the WAN interface that connects to two different routers (attached image summarises the setup).

    WAN-1 is the normal gateway and that’s what LAN clients are configured to use as their default gateway. I’m trying to see if it’s possible to direct certain traffic to go out via WAN-2.

    This seems to work for traffic originating on the LAN side, I can create a rule that matches the traffic and sets the gateway to WAN-2. Where I’m having problems is when the traffic originates from the WAN.

    I’m guessing that the rule that allows the WAN->LAN traffic is creating a state entry that uses the default gateway so the reply traffic (LAN->WAN) won’t be matched against any rules that can alter the gateway used?

    Is there a way to achieve this whilst keeping the firewall transparent? For now, I’ve worked around this by setting a route on the LAN clients that specifies WAN-2 as the gateway for certain destinations, but I’d like to be able to do this in pfSense, if it’s possible, to avoid adding routes to the LAN clients.