Yep, you have to check these settings at both interfaces and exclude these destination subnets from going to a special WAN, as you bypass the system routing table by using load balancing or policy-based routing.

Holger

> -----Original Message-----
> From: Rob Terhaar [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 06, 2006 7:44 PM
> To: [email protected]
> Subject: Re: [pfSense Support] Default Gateway Firewall Rule (dual wan)
>
> > -----Original Message-----
> > From: Rob Terhaar [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, July 06, 2006 6:05 AM
> > To: [email protected]
> > Subject: [pfSense Support] Default Gateway Firewall Rule (dual wan)
> >
> > So I'm setting up my first pfSense dual WAN box. I've followed the fairly short+simple PDF file under the tutorial section on the website. Once I get past the last step where you change the default gateway on the firewall rules, I can no longer pass any traffic out from my LAN. No LAN->DMZ, nothing. I can still connect to my LAN from my DMZ, but not vice versa.
> >
> > I've been banging on this for a couple of hours now, and I'm sure someone out there has a bit of advice for this seemingly simple configuration.
>
> On 7/6/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
> > You have to exclude the traffic from the DMZ to the LAN and from LAN to DMZ from load balancing (btw, same applies to IPSEC subnets). Create a firewall rule at the top of your list that is passing traffic between the locally attached subnets via the default gateway and not the gateway pool. If you have a balance-all rule at the interfaces, it will forward the connections round-robin to the gateways of the pool and not route between the local interfaces.
> >
> > Holger
>
> Thanks for responding Holger- I'll give this a shot when I get home.
> Since I'm not doing load balancing, do you think I should still have to configure my pfSense the way you described?
>
> I'll explain my configuration a bit more:
>
> WAN is a DS3 with a block of 31 IPs, and OPT2/WAN2 is a DSL with one IP.
> I would like the DMZ to use the WAN for everything and the LAN to use OPT2/WAN2 for everything.
>
> The plan is to eventually migrate everything over to the DS3 line, once we add more bandwidth.
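
The behaviour discussed in this thread, as an added example that is not part of the original messages and not pfSense code: a rule with an explicit gateway bypasses the system routing table, so a pass rule for locally attached subnets via the default gateway has to sit above it. The subnets, the source host, the gateway names and the simplified first-match model are all assumptions made for illustration.

```python
"""Added example: first-match policy routing on a pfSense-style LAN ruleset.
All subnets, hosts, gateway names and rules below are constructed."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # constructed
DMZ = ip_network("10.10.10.0/24")    # constructed
ANY = ip_network("0.0.0.0/0")
LAN_HOST = "192.168.1.50"            # constructed source host

# Constructed system routing table: attached subnets plus the default route.
ROUTES = [(LAN, "lan"), (DMZ, "dmz"), (ANY, "wan")]

def system_route(dst):
    """Longest-prefix match, used only when a rule's gateway is 'default'."""
    addr = ip_address(dst)
    matches = [(net, iface) for net, iface in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(rules, src, dst):
    """First matching pass rule wins. A rule with an explicit gateway sends
    the packet to that gateway and never consults the routing table."""
    for r_src, r_dst, gateway in rules:
        if ip_address(src) in r_src and ip_address(dst) in r_dst:
            return system_route(dst) if gateway == "default" else gateway
    return "blocked"  # nothing matched: default deny

# As in the question: the only LAN rule forces everything to WAN2.
BROKEN = [(LAN, ANY, "wan2")]
# As in the reply: local subnets pass via the default gateway, at the top.
FIXED = [(LAN, DMZ, "default"), (LAN, ANY, "wan2")]

def audit(rules, local_nets):
    """List local subnets whose traffic the ruleset would push out a WAN
    gateway instead of routing it between the local interfaces."""
    findings = []
    for net in local_nets:
        host = str(net[1])  # first address in the subnet as a probe
        out = egress(rules, LAN_HOST, host)
        if out != system_route(host):
            findings.append((str(net), out))
    return findings

if __name__ == "__main__":
    print("broken:", audit(BROKEN, [DMZ]))
    print("fixed: ", audit(FIXED, [DMZ]))
```

The same audit applies to IPsec subnets mentioned in the reply: add them to `ROUTES` and to the list passed to `audit`.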
