NAT, Different WANs for different subnets.



  • Hey,

    I am running into a problem where I believe what I have done should work but doesn't seem to work. It's probably because of how I have things set up.
    Here is the current config:

    WAN1 IP: xxx.xxx.xxx.40/25
    WAN1 GW: xxx.xxx.xxx.1 (GW LABEL: GW_WAN)

    WAN2 IP: xxx.xxx.xxx.41/25
    WAN2 GW: xxx.xxx.xxx.1 (GW LABEL: GW_OPT1)

    WAN1/WAN2 Have the same gateway.

    IPSec: 10.0.1.0/24 (Routed through WAN1)

    LAN: 192.168.1.0/24 (Routed through WAN2)

    So, my IPSec works just fine. When I check my IP while connected to the IPSec VPN it works fine and I get the .40.

    The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
    Action: Pass
    Interface:LAN
    TCP/IP Version:IPv4
    Protocol:Any
    Source Type:Network
    Source Address:192.168.1.0/24
    Destination:WAN2 Address

    This didn't work for me though as the machine on the LAN cannot access the internet.
    The next thing I tried was under Firewall->NAT->Outbound:
    Interface: WAN2
    Protocol:Any
    Source Type:Network
    Source Address:192.168.1.0/24
    Destination: Any

    Neither of these worked for me, I've tried various combinations and still didn't have any luck. I suspect it is probably something stupid that I am doing.

    Now, maybe there is a better way to accomplish what it is I am trying to do. I want all my IPSec traffic to come out on xxx.xxx.xxx.40 while all my LAN traffic will come out on the xxx.xxx.xxx.41 IP Address.

    Any help would be greatly appreciated.

    Thanks!



  • I think you have the right idea with what you want to accomplish, but your implementation is incorrect.

    The rule you have set up allows traffic from the LAN to WAN2, however what's to say that LAN traffic is destined for WAN2? This question is probably more suited for the Multi WAN section.


  • Netgate

    The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
    Action: Pass
    Interface:LAN
    TCP/IP Version:IPv4
    Protocol:Any
    Source Type:Network
    Source Address:192.168.1.0/24
    Destination:WAN2 Address

    Try:

    The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
    Action: Pass
    Interface:LAN
    TCP/IP Version:IPv4
    Protocol:Any
    Source Type:Network
    Source Address:LAN network
    Destination:any

    In advanced, set the gateway to WAN2
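
An added example, not part of any post in this thread: a small Python model of first-match rule evaluation on the LAN interface, comparing the rule from the first post with the one suggested in the last reply. The addresses are constructed from documentation ranges, and the model assumes GW_WAN is the default gateway and that outbound NAT on each WAN translates to that interface's own address.

```python
import ipaddress

# Constructed addresses from documentation ranges; the thread masks the real ones.
WAN_ADDR = {"GW_WAN": "203.0.113.40", "GW_OPT1": "203.0.113.41"}
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
WAN2_ADDRESS = ipaddress.ip_network("203.0.113.41/32")

def lan_rule(src, dst, gateway=None):
    """One pass rule on the LAN interface; gateway=None means 'use the routing table'."""
    return {"src": src, "dst": dst, "gateway": gateway}

def egress(rules, src, dst, default_gw="GW_WAN"):
    """First matching pass rule wins; no match means the default deny applies.
    Returns the public source address after outbound NAT, or None if blocked.
    Assumption: GW_WAN is the system default gateway."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            return WAN_ADDR[r["gateway"] or default_gw]
    return None

HOST, INTERNET = "192.168.1.10", "198.51.100.7"  # constructed LAN host and remote server

# Rule from the first post: destination is the firewall's own WAN2 address.
original = [lan_rule(LAN_NET, WAN2_ADDRESS)]
# Rule from the last reply: destination any, gateway set to WAN2 (GW_OPT1).
suggested = [lan_rule(LAN_NET, ANY, gateway="GW_OPT1")]
# Destination any but no gateway: traffic follows the default route.
no_gateway = [lan_rule(LAN_NET, ANY)]

if __name__ == "__main__":
    for name, rules in [("original", original), ("suggested", suggested),
                        ("no gateway", no_gateway)]:
        print(f"{name:11} -> {egress(rules, HOST, INTERNET)}")
```

In this model the original rule never matches internet-bound packets, so they hit the default deny, and a rule with destination any but no gateway leaves through the default route rather than WAN2.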