In my network I have two different gateways to access the internet.
Without PFsense, clients would configure a static IP and configure the gateway that they need. Most clients have two network configurations (one for each gateway) which they can alternate between if they need to. This is a behavior I need to support (that is, letting a client in the network configure the gateway for accessing the internet).
In a next step I included PFsense into the network. The firewall runs in its own VM and has multiple interfaces set up. One for the clients, one for other services in the network, but no WAN interface (all interfaces have no gateway set). PFsense provides a DHCP server on the client interface. Clients now get a dynamic IP via DHCP. They also get their gateway configured, which points to the PFsense interface. Access to the internet is configured via a normal firewall rule, where external traffic is sent to one of the two internet gateways that exist in my network. This approach currently does not allow for the clients to choose their preferred gateway. One is picked and hardcoded as a firewall rule.
So, I have my internal network with various subnets, all being a subset of 10.0.0.0/8. All communication inside this internal network should be routed through the PFsense, with the exception of routing inside the same IP subnet. For all external communication, the client should be able to specify the internet gateway. However, traffic should still flow through PFsense for potentially filtering the internet traffic as well as applying some sort of ACL of which client is actually allowed to use which gateway.
I really hope this is enough information to get a picture of the network. Is there a way I can setup and configure PFsense to achieve what I want?
