
Feature #2676

Reply-to option in firewall rule

Added by Miroslav Novotný over 4 years ago. Updated over 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Rules/NAT
Target version:
Start date: 11/09/2012
Due date:
% Done: 0%


Description

Hello,

I am trying to configure a network scenario with multiple paths to a LAN network (with public IP addresses). I need to put the "reply-to" option into my firewall rules to route the outgoing traffic back to the internal router correctly. Unfortunately, there is no way to do this in the pfSense GUI.

Suggested fix: Add "Reply Gateway" (or something like that) to the "Advanced Features" section of a firewall rule. It should work similarly to the "Gateway" feature, which creates the "route-to" option, except that the "reply-to" option is placed in the rule.

Thx,
Mirek

Drawing1.png (28.4 KB) Miroslav Novotný, 11/09/2012 02:36 AM

History

#1 Updated by Ermal Luçi over 4 years ago

Can you describe this more, since it's a bit strange unless you do not have the same subnet on multiple cards?

#2 Updated by Miroslav Novotný over 4 years ago

It should be more clear from the attached picture.

The network 1.1.1.0/26 should be reachable from the Internet and both routers (10.0.0.6 and 10.0.0.13) should work in a failover mode.

There is no problem with incoming connections to the 1.1.1.0/26 network. I have created the Gateway Groups (10.0.0.6 and 10.0.0.13) and a firewall rule on the uplink interface matching packets with the destination in 1.1.1.0/26, with the gateway option set to this Gateway Group. It works as expected.

But if some host in the 1.1.1.0/26 network initiates a connection to the Internet, the reply packets are not routed to the live member of the Gateway Groups. After some research I came up with a solution. I created a firewall rule on the internal interface matching packets with the source in the 1.1.1.0/26 network and the destination in the Internet, with the reply-to option set to one of the gateways.

It works. Unfortunately, this cannot be set in the pfSense GUI, and I lost the failover functionality provided by Gateway Groups.
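
The two rules described in this thread, written out in pf.conf syntax as an added illustration (not taken from the reporter's configuration or from pfSense-generated rules). The interface names `em0` and `em1` are assumptions, and the route-to target is shown as the single gateway 10.0.0.6 where the reporter uses a Gateway Group.

```conf
# Added illustration; interface names are assumed, addresses are from the thread.
ext_if  = "em0"          # uplink interface (assumed name)
int_if  = "em1"          # internal interface facing both routers (assumed name)
pub_net = "1.1.1.0/26"   # public LAN behind the internal routers
gw_a    = "10.0.0.6"     # internal router A
gw_b    = "10.0.0.13"    # internal router B (unused below: the failover gap)

# Connections from the Internet to the public LAN.
# The GUI "Gateway" setting produces a route-to option like this one, which
# forwards matching packets to the chosen router regardless of the routing table.
pass in quick on $ext_if route-to ($int_if $gw_a) inet from any to $pub_net keep state

# Connections initiated by hosts in the public LAN.
# reply-to is stored with the state entry, so packets travelling in the reply
# direction of that state are sent back through the named router.
pass in quick on $int_if reply-to ($int_if $gw_a) inet from $pub_net to any keep state
```

Because the reply-to rule names one router statically, replies keep going to 10.0.0.6 even if only 10.0.0.13 is alive, which is the loss of failover described in comment #2.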
