Oleg - WAN interfaces (interfaces with a gateway set on them) are treated differently.
The rule set forces all connections out that interface to a specific gateway (the interface gateway) with route-to. You can add floating pass rules on WAN in the outbound direction to the destinations on the other side of that router (every network with that gateway as a static route) and probably a destination of the gateway address with no gateway set (the default gateway). That will disable route-to for that traffic.

If you want connections from the networks on the other side of the second gateway into pfSense, you will need to disable reply-to on those pass rules or reply traffic will be forced to the interface gateway. Disable reply-to is in the advanced section of the rules.

> On May 27, 2017, at 11:31 AM, Oleg Cherkasov <[email protected]> wrote:
>
> Hi,
>
> I am setting up static routes on WAN with two gateways. One gateway is
> default ISP and the second is a private network however both are in public
> WAN net. I may ping both gateways and of course the default one works
> flawlessly. Second GW works ok using other FW GW from other networks. Both
> GW are in the same WAN network, the same subnet.
>
> Status shows both gateways are online and I have added static rules to direct
> traffic to 4 IPs to the second gateway so I may access resources in private
> network via second gateway in WAN network.
>
> All statuses and suggested diagnostics look good indeed, gateways are online
> and static routes are up however whatever I do the default gateway is used!
> I am running traceroute/tracepath from clients behind the firewall and from
> pfSense WAN itself but it always uses default gateway and ignores active
> second gateway and static rules. I have tried to reboot pfSense of course
> however the issue remains.
>
> Anyone have any suggestion? How may I verbosely debug static routing?
>
> Cheers,
> Oleg
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
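
The behaviour described in the reply above, sketched as a pf.conf fragment. This is an added example, not part of the thread and not pfSense's generated ruleset: the interface name, the addresses (documentation ranges) and the macro names are constructed, and the route-to/reply-to rules only show the general shape of a rule that pins traffic to the interface gateway.

```pf
# Constructed values for illustration only (RFC 5737 documentation ranges).
wan_if    = "em0"
wan_ip    = "203.0.113.10"
wan_net   = "203.0.113.0/24"
gw_isp    = "203.0.113.1"      # gateway set on the WAN interface (default)
gw_priv   = "203.0.113.2"      # second gateway in the same WAN subnet
priv_dsts = "{ 198.51.100.10, 198.51.100.11, 198.51.100.12, 198.51.100.13 }"

# --- Outbound -------------------------------------------------------------
# Exception (what a floating pass rule, direction out, no gateway set, amounts
# to): no route-to here, so the kernel routing table decides the next hop and
# the static routes via $gw_priv are honoured. "quick" stops evaluation so the
# route-to rule below never matches this traffic.
pass out quick on $wan_if inet from any to $priv_dsts keep state

# Same exception for traffic addressed to the second gateway itself.
pass out quick on $wan_if inet from any to $gw_priv keep state

# Shape of the rule that causes the symptom: everything else leaving WAN is
# forced to the interface gateway, regardless of static routes.
pass out on $wan_if route-to ( $wan_if $gw_isp ) inet \
    from $wan_ip to ! $wan_net keep state

# --- Inbound --------------------------------------------------------------
# Connections arriving from the private networks behind $gw_priv: no reply-to,
# so replies follow the routing table back through $gw_priv.
pass in quick on $wan_if inet from 198.51.100.0/24 to $wan_ip keep state

# Shape of an ordinary WAN pass rule: reply-to pins replies to the interface
# gateway, which would send answers for the traffic above to the wrong router.
pass in on $wan_if reply-to ( $wan_if $gw_isp ) inet \
    proto tcp from any to $wan_ip port 443 keep state
```

On a running system, `pfctl -sr` lists the loaded rules, which shows whether a route-to or reply-to clause is attached to the rule a given connection matches.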
