
Topic: 2 wan and protocol binding (Read 102 times)


riccio99
« on: November 22, 2017, 05:58:55 am »
Hi all,

I have set up the firewall with 2 WANs and 1 LAN with load balancing.

I also added protocol binding because I want all traffic from all computers on the LAN that goes through port 1588 to go out via WAN2.

I would also like that when WAN2 is down, no traffic for port 1558 from LAN computers goes through WAN1. I want it blocked.

How can I do it?

thx

Derelict
« Reply #1 on: November 22, 2017, 06:37:19 am »
Yeah, that gets tricky due to the nature of policy routing.

Make a policy routing rule on the LAN interface at the top of the rule set that matches all traffic destined for port 1588 and set the WAN2 gateway on the rule. Also set that rule to mark the traffic with something like "WAN2_ONLY".

Then make a floating rule on WAN1 in the out direction that rejects all traffic if it matches the WAN2_ONLY mark.

Search the forum for NO_WAN_EGRESS for examples of the same technique.

Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS(TM)
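The two rules from the reply above, plus the existing load-balancing rule, written out as the kind of pf rules they correspond to. This is an added example, not part of the thread and not pfSense-generated output; the interface names, gateway addresses, LAN subnet and the choice of TCP and UDP are assumptions.

```pf
# Constructed sample values (documentation address ranges, assumed NIC names).
lan_if  = "igb1"
wan1_if = "igb0"
wan2_if = "igb2"
wan1_gw = "198.51.100.1"
wan2_gw = "203.0.113.1"
lan_net = "192.168.1.0/24"

# Floating rule: interface WAN1, direction out, quick.
# Rejects any packet that was tagged WAN2_ONLY when it entered on LAN.
block return out quick on $wan1_if inet from any to any tagged WAN2_ONLY

# LAN rule at the TOP of the LAN rule set: policy-route port 1588 to WAN2
# and mark it. While WAN2 is up the packet leaves on WAN2 and never reaches
# the WAN1 "out" rule above.
# When the WAN2 gateway is marked down, pfSense by default rewrites this rule
# without route-to (unless "Skip rules when gateway is down" is enabled).
# The tag is still applied, so the packet follows the default route to WAN1
# and is rejected by the floating rule instead of leaking out.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) \
    inet proto { tcp, udp } from $lan_net to any port 1588 \
    tag WAN2_ONLY keep state

# LAN rule BELOW it: the existing round-robin load balancing for all other
# traffic. Because the rule above is "quick" and comes first, port 1588
# traffic never reaches this rule.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
    inet from $lan_net to any keep state
```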

riccio99
« Reply #2 on: November 22, 2017, 08:09:35 am »
Thank you for the quick reply.

Do I have to leave the protocol binding and round robin, or do I have to cancel it all and set the rules you suggested?

Thank you!

Derelict
« Reply #3 on: November 22, 2017, 08:25:53 am »
What I suggested completely bypasses the round-robin configuration since you are explicitly policy routing to that WAN, as long as those policy routing rules are higher in the rule set.