Hello all,
Another fun pfSense question. We have two WANs. WAN1 and WAN2.
WAN1 also has a /24 routed to LAN4 for a switch for hosting things.
We have a few things using WAN1 for internet as we have limiters in place and it just works. Plus, we just recently got our WAN2 provider. So, WAN1 is primary, WAN2 is secondary (and in failover as well, which works with no issue).
But, we wanted to move our office traffic from WAN1 to WAN2. Well, we did. It works. But now, we can’t access LAN4 (static IPs) from WAN2. Switching back to WAN1 and it works. I have probably missed a step somewhere. Just couldn’t tell you where. We have Outbound NAT on Manual due to the block of IPs.
Any ideas on where I could start? LAN to WAN rules look fine. Maybe WAN to WAN rules?
I need some clarification. When you are talking about LAN4 are you saying you have 1-to-1 NAT for your /24?
Maybe a diagram will help me understand what is going on.
No. They are dedicated IPs, hence why I have Outbound NAT on manual. LAN4 is just the port that routes the IP addresses from WAN1.
WAN1 and WAN2 go to the Netgate
LAN1, LAN2, and LAN3 are different local networks. LAN1 being our primary for all devices.
LAN4 is the port for the static IPs via the /24 that we have that are routed through the WAN1 provider.
WAN2 is a different provider, we just want to use that for LAN1 internet only and a failover for the rest. Failover works normally for LAN2 and LAN3. LAN1 has a WAN2 Gateway selected on the rules so only it uses the WAN2 internet all the time.
If I’m browsing the internet on LAN1, it works. If I try to access a device or server that has a static IP on LAN4, it doesn’t work.
It’s like I forgot a route or path somewhere for traffic to come from LAN1 going out of WAN2 to get back in to WAN1 or LAN4.
Try adding a firewall rule where your source is your private subnet for that interface. The destination is the public /24 and the gateway is WAN1. Make sure this rule is above the rule for your gateway group for failover.

| Source | Destination | Gateway |
|---|---|---|
| 10.10.10.0/24 | Public /24 | WAN1 |
| 10.10.10.0/24 | * | Gateway Failover Group |
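The ordering point in this answer matters because pfSense evaluates interface rules top to bottom and the first match wins (rules are "quick" by default). The following is an added example, not code from the thread or from pfSense itself: a small first-match policy-routing evaluator with the two rules from the table above. The subnet 10.10.10.0/24 is the one used in the answer; the public /24 (203.0.113.0/24, a documentation range), the internet destination 198.51.100.7 and the gateway name GW_Failover are constructed placeholders. Swapping the rule order shows the failure mode: traffic for the public /24 gets policy-routed out the failover group instead of WAN1.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One pass rule on the LAN1 interface: source/destination are CIDRs or '*'."""
    source: str
    destination: str
    gateway: str  # gateway (or gateway group) name set on the rule


def _matches(spec: str, addr: str) -> bool:
    # '*' is pfSense's "any"; otherwise test CIDR membership.
    if spec == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def select_gateway(rules: List[Rule], src: str, dst: str) -> Optional[str]:
    """Return the gateway chosen by the first rule matching src/dst,
    or None when nothing matches (pfSense would then hit the default deny)."""
    for rule in rules:
        if _matches(rule.source, src) and _matches(rule.destination, dst):
            return rule.gateway
    return None


# Constructed sample values (placeholders, not the poster's real addresses).
LAN1_SUBNET = "10.10.10.0/24"
PUBLIC_24 = "203.0.113.0/24"      # stands in for the /24 routed via WAN1 to LAN4
FAILOVER_GROUP = "GW_Failover"    # assumed name of the gateway failover group

# Order recommended in the answer: specific /24 rule above the catch-all.
CORRECT_ORDER = [
    Rule(LAN1_SUBNET, PUBLIC_24, "WAN1"),
    Rule(LAN1_SUBNET, "*", FAILOVER_GROUP),
]
# The mistake the answer warns about: catch-all placed first.
WRONG_ORDER = list(reversed(CORRECT_ORDER))


def demo() -> dict:
    """Evaluate one LAN1 host against a LAN4 static IP and an internet host."""
    host = "10.10.10.50"
    lan4_host = "203.0.113.20"
    internet_host = "198.51.100.7"
    return {
        "correct_to_lan4": select_gateway(CORRECT_ORDER, host, lan4_host),
        "correct_to_internet": select_gateway(CORRECT_ORDER, host, internet_host),
        "wrong_to_lan4": select_gateway(WRONG_ORDER, host, lan4_host),
        "unmatched_source": select_gateway(CORRECT_ORDER, "192.168.50.9", lan4_host),
    }


if __name__ == "__main__":
    for name, gw in demo().items():
        print(f"{name}: {gw}")
```

With the rules in the recommended order, a LAN1 host reaching the public /24 is sent via WAN1 while ordinary internet traffic still follows the failover group; with the order reversed, the catch-all swallows the /24 traffic and it leaves via the group, which is the symptom described in the thread. The same check applies if LAN1's catch-all rule names the WAN2 gateway directly instead of a group.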
Okay, so I’ve got LAN4 (/24) for source and gateway. I’ll check that later today, thanks.
So, that did not work. I think I missed a whole step somewhere. I’m just going to undo what I attempted. Then re-write the rules and test.