Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Source: "Single Host or Alias" does not work for IPv4 outbound rules?

    Firewalling
    2
    6
    321
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CapitanBlack
      last edited by

      pfSense Plus: 22.05-RELEASE (amd64)

      My PC's IP address on XXXXLAN_MAIN network is 192.168.xx.xx (redacted for privacy). I want a PBR rule routing certain subnets listed in the Destination alias XXXX_SUBNETS to another gateway.

      1cb05cc8-73b7-49d9-8dbd-14e06b58b577-image.png

      The above rule does not work unless I set Source to XXXLAN_MAIN net as it shown below - specifying 192.168.xx.xx or an alias containing this IP doesn't work.

      bb886c61-3b27-4028-8a18-9da183e01965-image.png

      Any ideas?

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @CapitanBlack
        last edited by rcoleman-netgate

        @capitanblack said in Source: "Single Host or Alias" does not work for IPv4 outbound rules?:

        192.168.xx.xx (redacted for privacy).

        That entire network is unroutable. Save yourself the time editing images and... don't.
        10.x.x.x/192.168.x.x/172.16.x.x-172.31.x.x are unroutable on the internet and mean nothing to us other than it helps us figure out what you're doing wrong.

        Please fix your post with un-redacted images.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        C 1 Reply Last reply Reply Quote 1
        • J Jarhead referenced this topic on
        • J Jarhead referenced this topic on
        • C
          CapitanBlack @rcoleman-netgate
          last edited by CapitanBlack

          @rcoleman-netgate

          My Ubuntu server - just to confirm. No proxy in browser no, other VPN running on server.. Nothing that could interfere the traffic.

          cf91ee5f-cf4c-4bfc-b1c1-39cc5eb7fafd-image.png

          1. When I specify /24 subnet for source - rule works just fine and sends traffic to a specific VPN gateway: aaf1660b-ac6e-49b5-a49b-46986bc861c7-image.png

          2. When I select the network name from drop-down - rule works fine too - f0c324c3-b464-4c49-9722-70507eb10132-image.png

          3. When I specify a single IP - rule does not work anymore and traffic goes to pfSense default gateway group . 9f52e90f-1d18-49be-9581-21fc10dc0d3a-image.png

          R 1 Reply Last reply Reply Quote 0
          • R
            rcoleman-netgate Netgate @CapitanBlack
            last edited by

            @capitanblack So there's a LOT more to PBR than your firewall rule.

            There's outbound NAT changes
            The VPN type
            Making sure you have the interface configured correctly.

            Diagnosing from a single set of snippets or a redacted single graphic is very much impossible.

            You should start from the beginning: PBR. Why? VPN? Multi-WAN? What's the rule config look like? NAT settings?

            We don't need encryption keys or passwords or usernames but you need to provide more detail up front.

            Ryan
            Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
            Requesting firmware for your Netgate device? https://go.netgate.com
            Switching: Mikrotik, Netgear, Extreme
            Wireless: Aruba, Ubiquiti

            C 1 Reply Last reply Reply Quote 0
            • C
              CapitanBlack @rcoleman-netgate
              last edited by CapitanBlack

              @rcoleman-netgate said in Source: "Single Host or Alias" does not work for IPv4 outbound rules?:

              @capitanblack So there's a LOT more to PBR than your firewall rule.

              There's outbound NAT changes
              The VPN type
              Making sure you have the interface configured correctly.

              Diagnosing from a single set of snippets or a redacted single graphic is very much impossible.

              You should start from the beginning: PBR. Why? VPN? Multi-WAN? What's the rule config look like? NAT settings?

              We don't need encryption keys or passwords or usernames but you need to provide more detail up front.

              I've edited my post. I just want send all IPv4 traffic form a single host on this LAN to Wireguard VPN gateway. Wireguard tunnels works just fine. I have the VPN gateway selected under Advanced for this PBR rule and the rest of values over there are set to default.

              C 1 Reply Last reply Reply Quote 0
              • C
                CapitanBlack @CapitanBlack
                last edited by CapitanBlack

                There's outbound NAT changes
                The VPN type
                Making sure you have the interface configured correctly.
                You should start from the beginning: PBR. Why? VPN? Multi-WAN? What's the rule config look like? NAT settings?

                I've doublecheck everything and return to you.

                Thanks a lot!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post