Netgate Discussion Forum

    Routing between different subnets does not work with failover.

      timlie

      Hello,

      We have a pfSense setup with three LAN subnets. Each subnet has its own interface.
      Routing between these subnets (10.0.0.0/20; 10.0.16.0/20; 10.0.32.0/20) works perfectly when using the normal default gateway setting on the rules page.
      After we created a failover gateway group (with two gateways) and added this group to a rule, routing between the LAN subnets does not work anymore.
      Tracing the traffic shows that packets which should go to one of the subnets are routed through the first gateway of the failover (which is my WAN interface's gateway).

      Is there some config I should create before doing this?

      Thanks!

        dotdash

        The gateway group bypasses the routing table and sends the traffic directly to the gateway.
        You need to create rules on the lan interfaces to match the traffic before it hits the gateway group.
        e.g. source local subnets dest local subnets gateway default.

          Derelict LAYER 8 Netgate

          https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            timlie

            Thanks guys! That seems logical!
            Will test and try (but I am sure this will work).
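
The rule ordering described in this thread can be checked offline before touching the firewall. The Python sketch below is an added example, not part of the thread and not pfSense code: it assumes a simplified first-match model of one interface's rules as (source, destination, gateway) tuples, uses the three subnets from the first post, and the gateway group name FAILOVER_GROUP is hypothetical.

```python
import ipaddress

# The three LAN subnets named in the first post.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20")]

def _net(spec):
    # "any" matches every IPv4 address.
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def first_match(rules, src_ip, dst_ip):
    """Return (index, gateway) of the first rule matching the packet.
    gateway None means "default", i.e. the routing table decides."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for idx, (rsrc, rdst, gw) in enumerate(rules):
        if src in _net(rsrc) and dst in _net(rdst):
            return idx, gw
    return None, None  # nothing matched: implicit deny

def shadowed_local_traffic(rules, src_net, local_nets=LOCAL_NETS):
    """List local destinations that a policy-routing rule catches first.
    Uses one representative host per subnet (assumption: rules are written
    per subnet, so one host behaves like the whole subnet)."""
    src_net = ipaddress.ip_network(src_net)
    src_host = next(src_net.hosts())
    findings = []
    for dst_net in local_nets:
        if dst_net == src_net:
            continue  # same-subnet traffic never reaches the firewall
        idx, gw = first_match(rules, src_host, next(dst_net.hosts()))
        if gw is not None:
            findings.append((str(dst_net), idx, gw))
    return findings

SRC = "10.0.0.0/20"
# Constructed rule sets for the interface of the first LAN subnet.
BROKEN = [(SRC, "any", "FAILOVER_GROUP")]
FIXED = [(SRC, "10.0.16.0/20", None),      # local to local, default gateway
         (SRC, "10.0.32.0/20", None),
         (SRC, "any", "FAILOVER_GROUP")]   # everything else is policy-routed
WRONG_ORDER = [FIXED[2], FIXED[0], FIXED[1]]  # bypass rules placed too low

if __name__ == "__main__":
    for name, rs in (("BROKEN", BROKEN), ("FIXED", FIXED), ("WRONG_ORDER", WRONG_ORDER)):
        print(name, shadowed_local_traffic(rs, SRC))
```

An empty result means inter-subnet traffic from that interface is left to the routing table; any finding names the rule index that sends it to the gateway group instead.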

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.