pfSense 2.3 – How to Route LAN Traffic Over Specific Gateway

firewalllanpfsense-2routerwan

I am running a pfSense 2.3 box with 4 NICs. Now i have 2 different ISPs (one Cable & one DSL). How Can i configure, that all traffic from LAN1 goes ONLY over WAN1, and all traffic from LAN2 goes ONLY over WAN2? I Dont want any Failover or LoadBalancing, just seperate each Networks "Gateways". Here a simple diagram, on what i try to achieve.

Best Answer

Instead of ISP IP addresses as gateways, you could use two tier-based gateway teams.
Each gateway team will have the preferred ISP in tier 1, while the other ISP will be in tier 2.

TEAM-ISP1
- ISP1 tier 1
- ISP2 tier 2
TEAM-ISP2
- ISP2 tier 1
- ISP1 tier 2

In normal conditions, each LAN will use the tier 1 member of the team.
When ISP1 goes down, ISP2 will be used by both LAN1 and LAN2.
When ISP2 goes down, ISP1 will be used by both LAN1 and LAN2.

Related Solutions

Cisco PBR verify-availability with interface instead of next-hop

As discussed in chat, PBX / SIP traffic is unique to an IP host route in your case. Therefore, you can remove PBR and use tracking objects on overlapping static routes, which go out different dialer interfaces to solve the problem.

ip route 89.123.45.10 255.255.255.255 Dial0 track 1 1 name PBX_Pri
ip route 89.123.45.10 255.255.255.255 Dial1 track 2 10 name PBX_Bak
ip route 0.0.0.0 0.0.0.0 Dial 1 track 2 1 name Data_Pri
ip route 0.0.0.0 0.0.0.0 Dial 0 track 1 10 name Data_Bak

IPv4 Subnetting – Commonality of /20 Subnet Mask in pfSense Routers

9.9.192.1 is an address owned by IBM - so unless they've given it to you, you can't use it on your LAN without causing problems.

A subnet mask of 255.255.240.0 or /20 is completely fine as long as the address range you're using is large enough and either private (192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8) or granted to you. Mixing devices with differing network addresses or masks doesn't usually work as you've already noticed.

Usually, your network devices are configured by DHCP, so possibly you just need to correct the scope there. If you're not using DHCP now is a good time to start.

edit 1: You might want to read up on how subnetting works in this good question/answer: How do you calculate the prefix, network, subnet, and host numbers?

edit 2: The subnet mask defines the size of the subnet. Your mask 255.255.240.0 allows for 12 bits = 4,094 host addresses which might be a bit oversized. It doesn't hurt though, except that /24 might be slightly easier to handle.

edit 3: If your can't change the LAN subnet mask on the router just don't do it. Change the mask in the DHCP options and simply don't use the extra 4 bits of host addresses.

edit 4: your screenshot in the other comment - you should add additional details to your question instead - shows the DHCP options. These are most probably inherited from the NIC's network settings which may be the reason why you can't change them. Check the NIC's IP settings and correct the mask there if possible; the DHCP scope is likely to follow.

Best Answer

Related Solutions

Cisco PBR verify-availability with interface instead of next-hop

IPv4 Subnetting – Commonality of /20 Subnet Mask in pfSense Routers

Related Topic