Reply-to option in firewall rule
I am trying to configure a network scenario with multiple paths to a LAN network (with public IP addresses). I need to put the "reply-to" option into my firewall rules to route the outgoing traffic back to the internal router correctly. Unfortunately, there is no way to do this in the pfSense GUI.
Suggested fix: Add "Reply Gateway" (or something like that) to the "Advanced Features" section of a firewall rule. It should work similarly to the "Gateway" feature, which creates a "route-to" option, except that a "reply-to" option is placed in the rule.
#2 Updated by Miroslav Novotný over 4 years ago
- File Drawing1.png added
It should be clearer from the attached picture.
The network 22.214.171.124/26 should be reachable from the Internet, and both routers (10.0.0.6 and 10.0.0.13) should work in failover mode.
There is no problem with incoming connections to the 126.96.36.199/26 network. I have created a Gateway Group (10.0.0.6 and 10.0.0.13) and a firewall rule on the uplink interface matching packets with a destination in 188.8.131.52/26, with the gateway option set to this Gateway Group. It works as expected.
But if some host in the 184.108.40.206/26 network initiates a connection to the Internet, the reply packets are not routed to the live member of the Gateway Group. After some research I came up with a solution. I have created a firewall rule on the internal interface matching packets with a source in the 220.127.116.11/26 network and a destination on the Internet, with the reply-to option set to one of the gateways.
It works. Unfortunately, this cannot be set in the pfSense GUI, and I lose the failover functionality provided by Gateway Groups.
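The two rules the thread describes (route-to on the uplink for inbound traffic, reply-to on the internal interface for sessions opened from the public LAN), written out as a pf ruleset; this is an added illustration, not the reporter's configuration or pfSense-generated output. The interface names em0/em1 and the public prefix 203.0.113.0/26 are assumed placeholders; the router addresses 10.0.0.6 and 10.0.0.13 come from the thread.

```pf
# Added illustration of the two rules discussed in this thread; not the
# reporter's configuration and not pfSense-generated output. Interface
# names and the public /26 are placeholders; router addresses are from the thread.
ext_if  = "em0"                # uplink to the Internet (assumed name)
int_if  = "em1"                # transit segment toward the two routers (assumed)
pub_net = "203.0.113.0/26"     # public LAN behind the routers (placeholder)
rtr_a   = "10.0.0.6"           # internal router A (from the thread)
rtr_b   = "10.0.0.13"          # internal router B (from the thread)

# Inbound: Internet traffic for the public LAN is policy-routed to a router.
# In the pfSense GUI this is the per-rule "Gateway" option, which may name a
# Gateway Group and therefore fails over between rtr_a and rtr_b.
pass in quick on $ext_if route-to ($int_if $rtr_a) \
    inet from any to $pub_net keep state

# Outbound: sessions opened by hosts in the public LAN arrive on $int_if.
# Without reply-to, the replies coming back in on $ext_if follow the routing
# table, which does not know which router currently owns the flow. reply-to
# pins the reply path of every state created by this rule to the named
# router. The gateway is a fixed address, so there is no failover: this is
# the limitation the reporter describes, since the GUI cannot emit this keyword.
pass in quick on $int_if reply-to ($int_if $rtr_a) \
    inet from $pub_net to any keep state

# Check that the loaded ruleset carries the routing keywords you expect:
#   pfctl -sr | grep -E 'route-to|reply-to'
```

If only one router should answer at a time, the operator must update the reply-to address when the live router changes, because nothing in this rule tracks gateway health.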