Bug #2202

Firewall rules specifying a gateway do not work for WAN subnet in some cases.

Added by Andreas Winge over 8 years ago. Updated almost 7 years ago.

Status: Rejected
Priority: Low
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 02/14/2012
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0.1
Affected Architecture:

Description

I have a LAN firewall rule specifying that all outbound traffic (destination all) should go to a gateway group containing a dynamic gateway for a VPN tunnel (default rule). This worked fine in 2.0.

After upgrading to 2.0.1, traffic going to the WAN subnet (note: the WAN subnet only) went out to the default gateway. After adding a specific firewall rule before the default one (since the default one still matches the packets) with destination WAN subnet, this rule also routing the traffic to the gateway group containing the VPN tunnel, the traffic was routed correctly.

However, this is not the behaviour I would expect from the default rule.

History

#1 Updated by Jim Pingle over 8 years ago

  • Priority changed from High to Low

This is not unexpected behavior; there need to be policy route negation rules for any directly connected networks, static route networks, VPN networks, etc.

I'm not sure if the WAN subnet is included in our current automatic negation rules, leaving this open for now so others can comment.

#2 Updated by Andreas Winge almost 7 years ago

Well, it works if you specifically specify it. And I have no problems with that. Please close this one...

#3 Updated by Chris Buechler almost 7 years ago

  • Status changed from New to Rejected

not a bug
