Bug #528

route-to on traffic from localhost breaks connectivity to WAN subnets

Added by Chris Buechler about 9 years ago. Updated about 9 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Rules/NAT
Target version:
Start date: 04/19/2010
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0
Affected Architecture:

Description

The route-to added to the pass out rules such as:
pass out route-to ( em1 74.12.2.1 ) from 74.12.2.38 to any keep state allow-opts label "let out anything from firewall host itself"

breaks connectivity with the locally connected subnet as it forces the traffic to the upstream router. Basically the reply-to problem in the reverse. Either need to:
1) add a rule above that one to not route-to for the local WAN subnet.
2) Patch route-to to not route-to for the local subnet.

#1 is preferable I think, this is easy to fix with a rule where the reply-to scenario is not.

Associated revisions

Revision 5de7d56f (diff)
Added by Ermal Luçi about 9 years ago

Ticket #528. Do not route-to for local connected subnets.

History

#1 Updated by Ermal Luçi about 9 years ago

  • Status changed from New to Feedback

#2 Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved

fixed
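
Option 1 from the description, sketched as a pf.conf fragment. This is an added example, not the change committed in revision 5de7d56f; the interface and addresses come from the rule quoted in the ticket, while the /24 prefix length for the WAN subnet and the first rule's label are assumptions made for illustration.

```pf
# Values from the rule quoted in the ticket.
wan_if  = "em1"
wan_ip  = "74.12.2.38"
wan_gw  = "74.12.2.1"
# Assumed prefix length: the ticket does not state the WAN subnet mask.
wan_net = "74.12.2.0/24"

# Before (the reported behaviour): every packet sourced from the firewall
# is handed to the upstream gateway, including packets for on-link hosts.
#
#   pass out route-to ( $wan_if $wan_gw ) from $wan_ip to any keep state allow-opts

# After: exempt the directly connected WAN subnet first.
# pf evaluates rules last-match-wins, so a plain pass rule placed above the
# route-to rule would still be overridden by it. "quick" stops evaluation
# at this rule, so on-link traffic leaves through the normal routing table.
pass out quick on $wan_if from $wan_ip to $wan_net keep state allow-opts label "firewall host to local WAN subnet, no route-to"

# Everything else from the firewall host is still forced to the gateway.
pass out route-to ( $wan_if $wan_gw ) from $wan_ip to any keep state allow-opts label "let out anything from firewall host itself"

# Equivalent single-rule form: negate the destination so the route-to rule
# never matches on-link traffic. That traffic then has to be passed by some
# other pass out rule in the ruleset.
#
#   pass out route-to ( $wan_if $wan_gw ) from $wan_ip to ! $wan_net keep state allow-opts
```

The fragment can be syntax-checked without loading it using `pfctl -nf <file>`.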
