Bug #13283
closed
PBR forcing traffic out one WAN and back into another WAN with NAT Reflection Fails
0%
Description
Assuming the following configuration:
2 WAN interfaces WAN1 and WAN2
One LAN interface with Host A and Host B.
Host A is hosting a service on 443 that is port forwarded on port 443 externally on WAN1
Host B has a PBR forcing traffic for any destination out WAN2
In this configuration, when Host B tries to access the Port Forward for HTTPS 443 on Host A by the WAN1 address, NAT reflection should rewrite the destination IP to the private address. This occurs and traffic will show up on neither WAN1 or WAN2 in a pcap and only on LAN, but the connection will never be made and Host B is unable to connect to Host A.
Updated by Marcos M about 3 years ago
- Status changed from New to Not a Bug
- Affected Plus Version deleted (
22.05)
Tested this.
With that PBR in place, even traffic that is being NAT'ed from the NAT Reflection rule will be caught by the destination of any, hence be forced out of the gateway. Create a policy bypass rule to work around it. See: https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing