    NAT Config for Redundancy and to Force traffic to one WAN Interface

    4 Posts 2 Posters 1.0k Views
      padapa

      I am at a loss on how to confirm this.

      I have an existing pfSense router for my office, connected to Comcast, and it goes down frequently, so I want to add a Verizon Wireless LTE "aircard" cellular data connection as a secondary WAN connection for failover.

      At the same time, I need to be able to force certain outbound traffic to that Verizon card so I can monitor some remote devices we have on Verizon aircards.  They are in the 166.160.x.x, 166.240.x.x and 166.245.x.x ranges.

      Here is a picture of the general configuration:https://www.dropbox.com/s/uv0r0z5z1sbna0r/Office%20Routing%20Diagram.png?dl=0

      I only have 3 interfaces:
      https://www.dropbox.com/s/ieicx30qn0l3g07/Interfaces%20Assigned%20Network%20Ports.png?dl=0

      I can ping the wireless router (192.168.0.1) connected to the new Ethernet (USB adapter) interface (ue0) from the pfSense Diagnostics -> Ping page, but not from the LAN.  If I connect to it directly, I can reach the external devices without issue.  The IP address on the USB adapter is 192.168.0.10.

      I have added an interface group for the WAN (em0) and USBVZN_ WWAN (ue0) connections.
      https://www.dropbox.com/s/d8jq3bq6l0h0jgb/Interface%20Groups.png?dl=0

      I have this as my current outbound firewall rules, but it is not working:
      https://www.dropbox.com/s/sx9z13pkzuedcbh/Firewall%20-%20Outbound%20Rules.png?dl=0

      Can someone point out what I am doing wrong?

      Thanks for the help.

      Padapa

        cmb

        I don't see any reason to be using manual outbound NAT there, easiest to change it back to automatic.

        If you're going to stay on manual, destination must be "any" not specific networks on the WWAN rules.

          padapa

          Thanks for responding.  I do have one question:

          Can I use automatic and still force traffic destined for certain address ranges out of a specific WAN interface?

          At the same time, I need to be able to force certain outbound traffic to that Verizon card so I can monitor some remote devices we have on Verizon aircards.  They are in the 166.160.x.x, 166.240.x.x and 166.245.x.x ranges.

          This requirement is from Verizon's data service rules of operation.

          Padapa

            cmb

            NAT has no impact on where traffic goes; firewall rules and the system routing table determine that. NAT only specifies how traffic going via that interface is translated.

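The two replies above make one point between them: the firewall rule (with its Gateway option) or the routing table picks the egress interface, and outbound NAT only rewrites the source of whatever already leaves that interface, so a destination-restricted NAT rule on ue0 neither steers traffic nor covers failover traffic. The model below is an added example, not code from the thread or from pfSense; pfSense compiles the GUI rules into pf, and the comments give the rough pf.conf shapes being modelled (`pass ... route-to` for a rule with a Gateway set, `nat on` for an outbound NAT rule). The interface names, the ue0 address 192.168.0.10, the LTE router 192.168.0.1 and the 166.x ranges come from the thread; the LAN subnet 10.0.0.0/24, the em0 address and the Comcast gateway are assumptions.

```python
"""Model of the pfSense packet path: egress is chosen first, outbound NAT runs second.
Added example, not pfSense code. Addresses marked 'assumed' are not from the thread."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

WAN, WWAN = "em0", "ue0"
LAN_NET = ip_network("10.0.0.0/24")                    # assumed
IF_ADDR = {WAN: "203.0.113.2", WWAN: "192.168.0.10"}   # em0 address assumed
GATEWAYS = {"WAN_GW": (WAN, "203.0.113.1"),            # Comcast gateway assumed
            "WWAN_GW": (WWAN, "192.168.0.1")}          # LTE router from the thread
VERIZON = [ip_network(n) for n in ("166.160.0.0/16", "166.240.0.0/16", "166.245.0.0/16")]


@dataclass
class FwRule:
    """LAN pass rule. gateway set ~ pf 'pass in on lan route-to (ue0 192.168.0.1) ...'."""
    dst: List[IPv4Network]            # empty list == any
    gateway: Optional[str] = None     # None == follow the routing table


@dataclass
class NatRule:
    """Outbound NAT rule ~ pf 'nat on <iface> from <src> to <dst> -> (<iface>)'."""
    iface: str
    src: IPv4Network
    dst: Optional[IPv4Network] = None  # None == any


@dataclass
class Packet:
    src: str
    dst: str
    egress: Optional[str] = None
    nat_src: Optional[str] = None      # source address as seen on the wire


def choose_egress(pkt: Packet, fw: List[FwRule], default_gw: str) -> Optional[str]:
    """Step 1: first matching pass rule wins. Its Gateway option overrides the
    routing table; without one, the current default gateway's interface is used.
    Outbound NAT rules are not consulted here at all."""
    d = ip_address(pkt.dst)
    for rule in fw:
        if not rule.dst or any(d in net for net in rule.dst):
            return GATEWAYS[rule.gateway or default_gw][0]
    return None  # no pass rule: default deny


def translate(pkt: Packet, nat: List[NatRule]) -> str:
    """Step 2: first NAT rule bound to the already-chosen interface that matches
    src and dst rewrites the source. No match: the private source leaves untouched."""
    s, d = ip_address(pkt.src), ip_address(pkt.dst)
    for rule in nat:
        if rule.iface == pkt.egress and s in rule.src and (rule.dst is None or d in rule.dst):
            return IF_ADDR[rule.iface]
    return pkt.src


def forward(pkt: Packet, fw: List[FwRule], nat: List[NatRule], default_gw: str = "WAN_GW") -> Packet:
    pkt.egress = choose_egress(pkt, fw, default_gw)
    if pkt.egress is not None:
        pkt.nat_src = translate(pkt, nat)
    return pkt


# POLICY sends the Verizon ranges to the LTE gateway and lets everything else
# follow the routing table; NO_POLICY is a plain allow-all with no Gateway set.
POLICY = [FwRule(dst=VERIZON, gateway="WWAN_GW"), FwRule(dst=[])]
NO_POLICY = [FwRule(dst=[])]
# Roughly what the first post describes: ue0 NAT rules limited to the 166.x ranges.
NAT_RESTRICTED = [NatRule(WAN, LAN_NET)] + [NatRule(WWAN, LAN_NET, n) for n in VERIZON]
# What the reply asks for (and what automatic outbound NAT produces): destination any.
NAT_ANY = [NatRule(WAN, LAN_NET), NatRule(WWAN, LAN_NET)]


def nat_alone_does_not_steer() -> Packet:
    """ue0 NAT rule for 166.160.x but no policy-routing firewall rule: the packet
    still exits em0, and the ue0 NAT rule is never evaluated."""
    return forward(Packet("10.0.0.5", "166.160.1.1"), NO_POLICY, NAT_RESTRICTED)


def policy_rule_steers() -> Packet:
    """The firewall rule with Gateway=WWAN_GW is what moves it to ue0."""
    return forward(Packet("10.0.0.5", "166.160.1.1"), POLICY, NAT_RESTRICTED)


def failover_leak() -> Packet:
    """WAN down, default gateway now WWAN_GW: general traffic exits ue0, the
    destination-restricted NAT rules miss it, and it leaves with 10.0.0.5 as its
    source, so no reply can return and an RFC1918 address escapes the edge."""
    return forward(Packet("10.0.0.5", "8.8.8.8"), POLICY, NAT_RESTRICTED, default_gw="WWAN_GW")


def failover_fixed() -> Packet:
    """Same failover with destination 'any' on the ue0 rule: translated to ue0's address."""
    return forward(Packet("10.0.0.5", "8.8.8.8"), POLICY, NAT_ANY, default_gw="WWAN_GW")


if __name__ == "__main__":
    for fn in (nat_alone_does_not_steer, policy_rule_steers, failover_leak, failover_fixed):
        p = fn()
        print(f"{fn.__name__:26} dst={p.dst:12} egress={p.egress} src_on_wire={p.nat_src}")
```

The first two scenarios are the answer to the question in the third post: a rule on the LAN tab matching the 166.x destinations with its Gateway set to the LTE gateway is the thing that forces those flows out ue0, and automatic outbound NAT is enough to translate them once they are there. The third scenario is why the reply insists on destination "any" for the WWAN NAT rules if manual mode is kept: during failover every flow exits ue0, and anything the NAT rules do not cover leaves with its LAN source address.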
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.