All outbound traffic going through default gateway, ignoring local network
-
I am trying to move my firewall from a vmware virtual machine running pfsense 2.0.3 to a new SG-4860 running 2.2.3.
My setup is a lan behind the firewall with a gateway group with two gateways. The tier1 gateway is over a cable connection using dhcp (my "cable" port.) I also have the firewall connected with a static IP on connection through a different ISP (my "wan" port) that serves as a backup internet connection, and is the network where our servers reside. The cable connection is considerably faster and cheaper than this connection.
I backed up the old config, restored it to the new hardware, set the correct interfaces, changed the ip addresses of the lan and wan interfaces. In testing, everything seems to work properly, except when I try to connect to servers on my wan network I notice the traffic is going out on my cable connection.
If I switch my gateway to the wan network everything seems to be working, whether I change the tiers, disable the cable interface, or disable the gatway through the cable connection.
It seems that for some reason the firewall is not recognizing that the servers are connected to a local network. This is not a problem on my old firewall. Does anyone have any ideas of what changed and what I need to do to go back to this simple setup?
-
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
https://forum.pfsense.org/index.php?topic=75358
-
That is it. Thanks!
Summary: When configuring multi-wan PFSense 2.0 has a hidden rule to route local network connections that overrides the explicit default rule I configured. This hidden rule no longer exists in 2.1 and newer. A lan firewall rule needs to be configured for the local connection to use the default gateways instead of the gateway group.
