Bug #1813

Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic

Added by Chris Buechler almost 2 years ago. Updated almost 2 years ago.

Status: New
Start date: 08/22/2011
Priority: High
Due date:
Assignee: -
% Done: 0%
Category: Rules/NAT
Target version: -
Affected version: 2.0
Affected Architecture:

Description

The 'pass out' rules, such as:

pass out route-to ( em1 9.2.2.1 ) from 9.2.3.17 to !9.2.2.0/21 keep state allow-opts label "let out anything from firewall host itself"

break connectivity from the firewall itself to any network reachable via a static route on a WAN interface, for traffic initiated by the firewall itself: the route-to forces the next hop to the WAN gateway and the static route in the kernel routing table is never consulted.

For example, if you add a static route in the above scenario pointing 1.0.0.0/24 to 9.2.3.20, traffic initiated by the firewall to that destination is sent to 9.2.2.1, not 9.2.3.20.
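The following pf.conf fragment is an added example, not part of the ticket or the pfSense project's generated ruleset. It places the rule quoted above next to two ways of keeping firewall-initiated traffic to a statically routed network out of the route-to: a floating rule evaluated first (the workaround mentioned in comment #2) and a table-based exemption. The interface em1, the addresses 9.2.3.17, 9.2.2.1 and 9.2.3.20, and the 1.0.0.0/24 network are the ticket's values; the table name <static_route_nets> and the rule labels are assumptions.

```pf
# Added example (not the ticket's or pfSense's own ruleset): how route-to on the
# "let out anything from firewall host itself" rule interacts with a static
# route, and two ways to exempt statically routed networks from it.
# Assumed: table name <static_route_nets> and the rule labels.

# Static route present in the kernel routing table (set outside pf):
#   route add -net 1.0.0.0/24 9.2.3.20

# --- Workaround 1: a rule without route-to, matched first via "quick" ---
# No route-to, so the kernel routing table chooses the next hop (9.2.3.20).
# In pfSense this is a floating rule; floating rules are placed ahead of the
# generated per-interface rules, which is why "quick" is needed there.
pass out quick on em1 from 9.2.3.17 to 1.0.0.0/24 keep state label "fw-initiated to static-route net, system routing"

# --- Problematic form, as quoted in the ticket ---
# route-to pins the next hop to 9.2.2.1 for every destination outside
# 9.2.2.0/21, so packets for 1.0.0.0/24 go to 9.2.2.1 instead of 9.2.3.20.
pass out route-to ( em1 9.2.2.1 ) from 9.2.3.17 to !9.2.2.0/21 keep state allow-opts label "let out anything from firewall host itself"

# --- Workaround 2 (alternative to the rule above): exempt static-route nets ---
# Negating a table that lists the WAN subnet plus every network reachable by
# a static route on that WAN keeps those destinations on system routing.
table <static_route_nets> { 9.2.2.0/21, 1.0.0.0/24 }
pass out route-to ( em1 9.2.2.1 ) from 9.2.3.17 to !<static_route_nets> keep state allow-opts label "let out anything from firewall host itself (static-route nets exempted)"
```

Use either Workaround 1 or Workaround 2, not both stacked with the original rule. To confirm the effect, `route -n get 1.0.0.1` shows the kernel's next hop (9.2.3.20 with the static route in place) and `pfctl -sr` shows the loaded rules in evaluation order; if the route-to rule is still the last match for 1.0.0.0/24, firewall-initiated packets are sent to 9.2.2.1 regardless of what `route get` reports.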

Associated revisions

Revision 75eb2012
Added by Chris Buechler over 4 years ago

run hostap later in script, fixes ral(4) card difference in FreeBSD 7.0. Works with ath(4) also.

Ticket #1813

History

#1 Updated by Chris Buechler almost 2 years ago

  • Priority changed from Normal to High

#2 Updated by Chris Buechler almost 2 years ago

Floating rules can work around this.
