Netgate Discussion Forum
    NAT, Different WANs for different subnets.

      notjoe

      Hey,

      I am running into a problem where I believe what I have done should work but doesn't seem to work. It's probably because of how I have things set up.
      Here is the current config:

      WAN1 IP: xxx.xxx.xxx.40/25
      WAN1 GW: xxx.xxx.xxx.1 (GW LABEL: GW_WAN)

      WAN2 IP: xxx.xxx.xxx.41/25
      WAN2 GW: xxx.xxx.xxx.1 (GW LABEL: GW_OPT1)

      WAN1/WAN2 have the same gateway.

      IPSec: 10.0.1.0/24 (Routed through WAN1)

      LAN: 192.168.1.0/24 (Routed through WAN2)

      So, my IPSec works just fine. When I check my IP while connected to the IPSec VPN it works fine and I get the .40.

      The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
      Action: Pass
      Interface:LAN
      TCP/IP Version:IPv4
      Protocol:Any
      Source Type:Network
      Source Address:192.168.1.0/24
      Destination:WAN2 Address

      This didn't work for me though as the machine on the LAN cannot access the internet.
      The next thing I tried was under Firewall->NAT->Outbound:
      Interface: WAN2
      Protocol:Any
      Source Type:Network
      Source Address:192.168.1.0/24
      Destination: Any

      Neither of these worked for me. I've tried various combinations and still didn't have any luck. I suspect it is probably something stupid that I am doing.

      Now, maybe there is a better way to accomplish what it is I am trying to do. I want all my IPSec traffic to come out on xxx.xxx.xxx.40 while all my LAN traffic will come out on the xxx.xxx.xxx.41 IP address.

      Any help would be greatly appreciated.

      Thanks!

        esink

        I think you have the right idea with what you want to accomplish, but your implementation is incorrect.

        The rule you have set up allows traffic from the LAN to WAN2, however what's to say that LAN traffic is destined for WAN2? This question is probably more suited for the Multi WAN section.

          Derelict LAYER 8 Netgate

          The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
          Action: Pass
          Interface:LAN
          TCP/IP Version:IPv4
          Protocol:Any
          Source Type:Network
          Source Address:192.168.1.0/24
          Destination:WAN2 Address

          Try:

          The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
          Action: Pass
          Interface:LAN
          TCP/IP Version:IPv4
          Protocol:Any
          Source Type:Network
          Source Address:LAN network
          Destination:any

          In advanced, set the gateway to WAN2

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
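
A small model of the rule evaluation discussed in this thread, added here as an illustration; it was not posted by any participant and is not pfSense code. It compares the original LAN rule (destination "WAN2 address") with the suggested one (destination any, gateway WAN2). The 203.0.113.x addresses are constructed placeholders for the redacted WAN IPs, and two things are assumptions: WAN1 holds the default route, and outbound NAT translates to the address of the WAN the packet leaves on.

```python
# Toy first-match evaluation of LAN pass rules with an optional policy-routing gateway.
# All addresses are constructed placeholders (RFC 5737), not values from the thread.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

WAN1_ADDR = ip_address("203.0.113.40")   # stands in for xxx.xxx.xxx.40
WAN2_ADDR = ip_address("203.0.113.41")   # stands in for xxx.xxx.xxx.41
LAN_NET = ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")

# Assumption: outbound NAT rewrites the source to the egress WAN's own address.
EGRESS_ADDR = {"GW_WAN": WAN1_ADDR, "GW_OPT1": WAN2_ADDR}
DEFAULT_GATEWAY = "GW_WAN"               # assumption: WAN1 holds the default route


@dataclass
class PassRule:
    source: IPv4Network
    destination: IPv4Network
    gateway: Optional[str] = None        # None = follow the routing table


def evaluate(rules, src, dst):
    """First matching pass rule wins. Returns 'blocked', 'local', or the
    public source address (as a string) the packet leaves the firewall with."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if src in rule.source and dst in rule.destination:
            if dst in (WAN1_ADDR, WAN2_ADDR):
                return "local"           # addressed to the firewall itself, not forwarded
            return str(EGRESS_ADDR[rule.gateway or DEFAULT_GATEWAY])
    return "blocked"                     # no pass rule matched: default deny


# Original rule: destination is only the firewall's own WAN2 address.
ORIGINAL = [PassRule(LAN_NET, ip_network("203.0.113.41/32"))]
# Suggested rule: destination any, gateway set to WAN2 in the advanced options.
SUGGESTED = [PassRule(LAN_NET, ANY, gateway="GW_OPT1")]
# Destination any without a gateway: traffic passes but follows the default route.
NO_GATEWAY = [PassRule(LAN_NET, ANY)]

if __name__ == "__main__":
    host, internet = "192.168.1.10", "198.51.100.7"   # constructed sample flow
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED),
                        ("no gateway", NO_GATEWAY)):
        print(f"{name:>10}: {evaluate(rules, host, internet)}")
```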

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.