Bug #528

closed

route-to on traffic from localhost breaks connectivity to WAN subnets

Added by Chris Buechler over 14 years ago. Updated over 14 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Rules / NAT
Target version:
Start date: 04/19/2010
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

The route-to added to the pass out rules such as:
pass out route-to ( em1 74.12.2.1 ) from 74.12.2.38 to any keep state allow-opts label "let out anything from firewall host itself"

breaks connectivity with the locally connected subnet as it forces the traffic to the upstream router. Basically the reply-to problem in the reverse. Either need to:
1) add a rule above that one to not route-to for the local WAN subnet.
2) Patch route-to to not route-to for the local subnet.

#1 is preferable I think, this is easy to fix with a rule where the reply-to scenario is not.
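
Option 1 from the report, sketched as a pf.conf fragment. This is an added example, not part of the original report and not pfSense's generated ruleset; it reuses the interface, gateway and address from the quoted rule, while the quick keyword, the em1:network target and the label on the exemption rule are assumptions.

```pf
# Added example. Interface (em1), gateway (74.12.2.1) and firewall address
# (74.12.2.38) are the values quoted in the report. Everything else is assumed.

# Reported rule, kept for comparison. On its own it hands every packet the
# firewall sources from 74.12.2.38 to the upstream router, including packets
# for hosts on the directly attached WAN subnet:
#
# pass out route-to ( em1 74.12.2.1 ) from 74.12.2.38 to any keep state allow-opts label "let out anything from firewall host itself"

# Option 1: exempt the on-link subnet ahead of the route-to rule.
# pf evaluates rules last-match-wins, so the exemption uses "quick" to stop
# evaluation here; without it the route-to rule below would still apply.
# em1:network is pf's expansion to the network(s) configured on em1, which
# avoids hard-coding a prefix length the report does not give.
pass out quick on em1 from 74.12.2.38 to em1:network keep state allow-opts label "WAN subnet stays on-link (hypothetical label)"

# Everything else from the firewall's WAN address still goes via the gateway.
pass out route-to ( em1 74.12.2.1 ) from 74.12.2.38 to any keep state allow-opts label "let out anything from firewall host itself"
```

The fragment can be syntax-checked without loading it by running pfctl -nf against the file.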
