On Aug 18, 2009, at 6:51 PM, Chris Buechler wrote:
On Tue, Aug 18, 2009 at 6:44 PM, Ian
Levesque<i...@crystal.harvard.edu> wrote:
<snip>
From the rule editing page, it appears that a gateway can be
defined, but
I'm only given the option of using "default" or my default route
(1.2.3.4).
The description below says "Leave as 'default' to use the system
routing
table", but with the way the rules are generated by pfSense, all of
our WAN
traffic is sent back out the default gateway instead of the more
precise
match.
I understand that the solution to this is to change the above
generated rule
to use "reply-to (em2 1.2.3.5)" or to omit the reply-to altogether.
Is there
any way to accommodate this rather obscure use-case in pfSense? Can
we add
additional routes to the "Gateway" drop-down?
What you're seeing is this:
http://redmine.pfsense.org/issues/show/14
Gateway is for route-to, there is no way to specify reply-to, as
that's handled automatically. 1.2.3 does have a checkbox under System
-> Advanced to disable adding reply-to entirely, which is a solution
as long as you aren't using multi-WAN (you can just comment out the
reply-to line in /etc/inc/filter.inc too).
Hi Chris - thanks for the reply.
I'm still on 1.2.1 and am waiting to upgrade with the final 1.2.3
release. If I make a change to /etc/inc/filter.inc now, it would be
lost when I upgraded pfSense, correct? I just want to avoid getting
hit with this again after the 1.2.3 release is installed (at which
point, this network bridging will be live).
We don't have a solution
for multi-WAN cases combined with WAN static routes to something other
than your gateway on that interface at this time. Either the static
route won't work for traffic initiated from that router, or you
disable reply-to and break reply routing for multi-WAN.
Indeed, I knew that the solution would break multi-WAN so I wasn't
hopeful that there'd even be a solution in pfSense. I'm happy to hear
that you've added the ability to effectively disable reply-to. Many
thanks, I've been recommending pfSense heartily for the past year and
I'm glad that I can continue to use it for our needs.
Ian
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
