Netgate Discussion Forum

    Route traffic to a specific gateway depending on the packet type

    Routing and Multi WAN
      JulioQc

      Hello!

      I have a LAN with multiple users (20+) and 2 gateways, pfSense acting as firewall and router between.

      Is there a way to route traffic to a specific gateway depending on the packet type? For example, I'd like to route some low bandwidth but critical services (SNMP, SSH, SIP, etc) via one gateway and other heavy traffic (streaming, torrent, FTP, etc) through the other higher bandwidth gateway. I think I'd probably need to route packets according to layer 7 or source/destination ports but I'm unsure how to proceed in pfSense or even if it's possible!

      Any leads? tips?

      Thank you very much!

        Michael Stizza

        Hey, Julio!

        I am new to pfSense myself, and I am coming from a Cisco world. Basically the only way I am aware of that you can do what you are trying to is Policy Based Routing (PBR). This is fully supported on pfSense, although to be brutally honest I don't know how to configure it.

        https://doc.pfsense.org/index.php/What_is_policy_routing

        This should point you in the right direction, though.

          JulioQc

          Hello Michael,

          I've read a bit about it shortly after my post and I believe you are right! It's likely to be the best way to achieve my goal.

          I'm having my doubts on how to set this up with FailOver currently configured, however.

          Anyhow, it's in a lab VM so I can mess around and revert to a previous state if necessary. I'll post any good findings :)

            cheonne

            proto          source   port  destination  port                     gateway  queue  schedule

            ipv4 tcp/udp   lan net  *     *            (ports of snmp,ssh,sip)  ISP2
            ipv4 tcp/udp   lan net  *     *            *                        ISP2     (torrent, streaming, browsing,ftp etc)
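
A sketch of how two rules shaped like the rows above are evaluated, added here as an example and not part of the original post or of pfSense's own code: interface rules are checked top-down and the first match decides the gateway, so the port-specific rule has to sit above the catch-all. The gateway names `WAN1_GW` and `WAN2_GW`, the port list and the sample flows are assumptions that follow the split asked for in the first post.

```python
# Added illustration: first-match policy routing by destination port.
# Gateway names, port list and sample flows are constructed assumptions.
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Rule:
    protos: FrozenSet[str]               # protocols the rule applies to
    dst_ports: Optional[FrozenSet[int]]  # None means any port (*)
    gateway: str                         # gateway set on the rule

    def matches(self, proto: str, dst_port: int) -> bool:
        return proto in self.protos and (
            self.dst_ports is None or dst_port in self.dst_ports)

# Well-known ports: SSH 22, SNMP 161/162, SIP 5060/5061.
CRITICAL_PORTS = frozenset({22, 161, 162, 5060, 5061})
BOTH = frozenset({"tcp", "udp"})

# LAN rules in evaluation order: specific rule first, catch-all last.
LAN_RULES = [
    Rule(BOTH, CRITICAL_PORTS, "WAN1_GW"),
    Rule(BOTH, None, "WAN2_GW"),
]

def pick_gateway(rules, proto, dst_port, default="default route"):
    """Return the gateway of the first rule that matches, top-down."""
    for rule in rules:
        if rule.matches(proto, dst_port):
            return rule.gateway
    return default  # no policy rule matched, e.g. ICMP here

def route_flows(rules, flows):
    """Map each named flow (proto, dst_port) to the gateway it would use."""
    return {name: pick_gateway(rules, p, port) for name, (p, port) in flows.items()}

# Constructed sample flows from LAN hosts.
SAMPLE_FLOWS = {
    "ssh": ("tcp", 22),
    "sip": ("udp", 5060),
    "https": ("tcp", 443),
    "ftp": ("tcp", 21),
    "bittorrent peer": ("tcp", 51413),  # arbitrary port, only the catch-all sees it
}

if __name__ == "__main__":
    for name, gw in route_flows(LAN_RULES, SAMPLE_FLOWS).items():
        print(f"{name:16} -> {gw}")
    # With the order reversed, the catch-all shadows the port-specific rule.
    print(route_flows(list(reversed(LAN_RULES)), SAMPLE_FLOWS))
```

Torrent peers use arbitrary ports, so in this model bulk traffic is steered by the catch-all rule rather than by a port list of its own.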

              JulioQc

              I've configured something similar, for both inbound and outbound, but it doesn't quite work.

              I see in the firewall logs that it's blocking a lot of inbound/outbound packets to/from my torrent machine but the torrents are still downloading at full speed on the interface it's supposed to be blocked…

              As I have failover configured, I would think it could be interfering with the policy routing, but wouldn't it simply block all traffic? Cause right now, even if the logs are showing a lot of packets blocked on the proper interface, it keeps downloading on that same interface...
