Author Topic: [SOLVED] floating rules to switch gateway  (Read 118 times)

Offline loscoz

[SOLVED] floating rules to switch gateway
« on: November 10, 2017, 07:45:55 am »
Hello everyone! I'm new to this forum!
I have a problem that I need to solve; I'll try to explain it as clearly as possible:

I have a LAN, WAN1 and WAN2. I want to send the internet traffic of one host (192.168.0.50) to gateway 2 of lan 2, and the other hosts to the default gateway1 of wan.

Network scheme:



I tried to configure a floating rule like this:





I think that the host 192.168.0.50 should go out on gateway 2 of wan2 (in this case not surfing, because it is unlinked), but despite this rule it can browse without problems. Where am I wrong?
Thanks a lot
« Last Edit: November 10, 2017, 08:54:43 am by loscoz »

Offline johnpoz

Re: floating rules to switch gateway
« Reply #1 on: November 10, 2017, 08:16:46 am »
You have direction set to out on your floating rule.. So that is traffic leaving pfSense into those networks when the source IP is the 0.50?  huh??

How would this LAN IP ever be a source into your lanwifi interface?

If you want to policy route..  Then you need to send traffic that is inbound into a pfSense interface out a specific gateway.. This would normally be done on the lan interface, not floating..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)

Offline loscoz

Re: floating rules to switch gateway
« Reply #2 on: November 10, 2017, 08:53:46 am »
You're right, it was enough to set the rule in the LANWIFI interface and it works well.
I apologize, I'm new to pfSense! But then when are floating rules used?

Offline johnpoz

Re: [SOLVED] floating rules to switch gateway
« Reply #3 on: November 10, 2017, 09:53:48 am »
You would use floating rules when, for example, you want to set the same rule on a bunch of interfaces.  But to be honest, if it's only a handful of interfaces I would just do them on the interfaces directly, if you repeat, say, rules.. like blocking access to a specific dest IP or port..  But it's easier if all the rules allowing and blocking traffic on a network are done right on that interface tab vs the floating tab.. Since it's easier to see what exactly will happen with traffic entering that interface.

You would use them in the case where you need to block traffic outbound, or it makes sense to just put in 1 rule on the wan outbound.. You could for example place a rule there to block say 25 outbound on your wan.. This way none of your inside networks could talk outbound on 25.

But it's always best to block the traffic before it even enters the firewall, vs letting the firewall process the traffic in and then just stop it from leaving.

Floating is normally going to be used for more advanced configuration.. Normal use would rarely ever have need for any sort of rules in floating.  You might put some rules in there if you want to mark some traffic and use that mark on some other rule, etc.  It all comes down to what you're trying to accomplish exactly - and the best way to skin that cat.

But with a simple policy route for 1 interface, yeah, just putting the rule on the interface directly is normally your best bet.
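
The difference the replies describe, sketched in raw pf rule syntax as an added example (not the posters' configuration and not pfSense's own generated ruleset). The interface names and the gateway address are assumptions; only the host address comes from the thread.

```conf
# Added example in pf.conf syntax. Constructed values, not from the thread:
#   em0 = WAN1 (default gateway), em1 = LANWIFI, em2 = WAN2,
#   203.0.113.1 = gateway 2 (documentation address).
lan_if  = "em1"
wan1_if = "em0"
wan2_if = "em2"
gw2     = "203.0.113.1"
host    = "192.168.0.50"      # host named in the first post

# Ineffective form (direction "out" on the LAN-side interface).
# It only matches packets the firewall sends INTO the LAN with source
# 192.168.0.50. The host's own traffic arrives "in" on $lan_if, so this
# rule never matches and the host keeps using the default gateway.
pass out quick on $lan_if route-to ($wan2_if $gw2) inet from $host to any

# Policy route as an interface rule: match the host's traffic as it
# enters the firewall and send it out via gateway 2 on WAN2.
pass in quick on $lan_if route-to ($wan2_if $gw2) inet from $host to any

# The kind of outbound rule the last reply gives as a use for floating:
# one rule on the WAN that stops every inside network talking out on 25.
block out quick on $wan1_if inet proto tcp from any to any port 25
```

In a real ruleset the first `pass out` line would simply be dropped; it is kept here only to sit beside the working rule.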