Hello,

I've got a WAN rule that allows traffic from a specific subnet in our university's private network direct access to our LAN. We're basically bridging two LANs across a WAN interface. The generated rule looks like this, where 1.2.3.4 is our default gateway:

pass in log quick on $wan reply-to (em2 1.2.3.4) proto { tcp udp } from { 10.11.143.0/24 } to { 10.0.8.0/23 } keep state label "USER_RULE: Outside LAN"

The problem we have is that we're using a static route to access the gateway to this "outside LAN", let's say that's "1.2.3.5". What we need is for traffic that comes in from 1.2.3.5 for our LAN to go back out to 1.2.3.5, not to the default route. We do have the static route defined:

default            1.2.3.4      UGS         0  5766491    em2
<snip>
10.11.143.0/24     1.2.3.5      UGS         0      384    em2

From the rule editing page, it appears that a gateway can be defined, but I'm only given the option of using "default" or my default route (1.2.3.4). The description below says "Leave as 'default' to use the system routing table", but with the way the rules are generated by pfSense, all of our WAN traffic is sent back out the default gateway instead of the more precise match.

I understand that the solution to this is to change the above generated rule to use "reply-to (em2 1.2.3.5)" or to omit the reply-to altogether. Is there any way to accommodate this rather obscure use case in pfSense? Can we add additional routes to the "Gateway" drop-down?

Thanks,
Ian
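The rule quoted above, written out the three ways the post discusses, as an added example that is not part of the original message or of pfSense's generated rules.debug. The interface (em2), the two gateways, the subnets and the label are the ones given in the post; the `wan` macro definition is an assumption added so the fragment parses on its own, and the file is an illustration of the pf syntax, not something pfSense will load as a user rule.

```pf
# Added example, not from the original post. Assumption: $wan is em2,
# as the routing table in the post shows.
wan = "em2"

# 1. As pfSense generates it: reply-to pins the return traffic of every
#    state this rule creates to the default gateway 1.2.3.4, so replies
#    to 10.11.143.0/24 bypass the static route via 1.2.3.5.
pass in log quick on $wan reply-to (em2 1.2.3.4) proto { tcp udp } \
    from { 10.11.143.0/24 } to { 10.0.8.0/23 } keep state \
    label "USER_RULE: Outside LAN"

# 2. reply-to pointed at the gateway the static route already uses:
#    replies for this rule's states leave em2 towards 1.2.3.5.
pass in log quick on $wan reply-to (em2 1.2.3.5) proto { tcp udp } \
    from { 10.11.143.0/24 } to { 10.0.8.0/23 } keep state \
    label "USER_RULE: Outside LAN"

# 3. No reply-to at all: replies follow the system routing table, which
#    already sends 10.11.143.0/24 to 1.2.3.5 on em2 and everything else
#    to 1.2.3.4.
pass in log quick on $wan proto { tcp udp } \
    from { 10.11.143.0/24 } to { 10.0.8.0/23 } keep state \
    label "USER_RULE: Outside LAN"
```

To check the syntax without loading anything, run `pfctl -nf <file>`; after pfSense regenerates the ruleset, `pfctl -sr | grep "Outside LAN"` shows which of the three forms is actually active, and `route -n get 10.11.143.1` confirms that the kernel route for the remote subnet still points at 1.2.3.5, which is the route form 3 relies on. Only the states created by this rule are affected; other WAN rules keep their own reply-to and continue to return via 1.2.3.4.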

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org