    Routing Question on the Lan Side

Routing and Multi WAN

Nface21

      Hi,

      I am trying to do some Policy Based Routing. Here is my typical environment:

      WAN1 \                         /WAN2

      PFSENSE01 - PFSENSE02

      DMZ1           Local Lan                DMZ2
      172.18.0.0    172.20.0.0               172.19.0.0
                       Untangle .2.1
                       Core Switch .1.1

      Local Network 10.0.0.0

OK, so in brief I am trying to create specific rules:
1 - Browsing, web, or any 0.0.0.0 address traffic goes to the Untangle server and then out to either WAN1 or WAN2 (working fine)
2 - I have rules on my internal router to specify route 172.18.0.0 -> 172.20.0.254 (PF VIP)
3 - 172.19.0.0 -> 172.0.254

So, to be clear, all traffic going to the DMZ (either 1 or 2; 1 being the DMZ for WAN1 and 2 the DMZ for WAN2) is routed directly from the switch to the pfSense server (NOT going through the Untangle box, as I do not want this traffic to be monitored).

4 - I have a static route on pfSense that routes all 10.0.0.0 back to the Untangle interface (172.20.2.1)
5 - Here is where the fun begins! I would like to do this: when SOURCE is 172.19.0.0 and destination is 10.0.0.0, GW: 172.20.1.1 (core switch, NOT Untangle)
6 - Same for DMZ2: when source is 172.18.0.0 and destination is 10.0.0.0, use GW 172.20.1.1 (and NOT 172.20.2.1, Untangle)

It's so easy to put graphically but a little hard to put into words.

I looked at all the available options for Policy Based Routing, but I can't select that alternate gateway since it's on the LAN interface and there is no gateway on that interface.

      Again to maybe summarize:

All traffic going to and from the DMZ must use the core switch gateway 172.20.1.1

All traffic going anywhere else (Internet) must go back to the Untangle server

Untangle is in routing mode; it doesn't do NAT for now. One side is in 10.0.0.0 and one side is in the LAN zone, 172.20.2.1.
The core switch is doing the same, routing with no NAT: one side in 10.0.0.0 and one side in the LAN zone, 172.20.1.1.

I just don't want the traffic going to the DMZ from my servers to go through the Untangle server, which does session monitoring and all kinds of checks.

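The post above asks for per-source, per-destination gateway selection that overrides a static route. The following is an added example, not code from the post or from pfSense, that models the general shape of this evaluation: pass rules on the inbound interface are checked top-down, first match wins, and a matching rule that names a gateway takes precedence over a longest-prefix lookup in the routing table (pf's `route-to`); a packet with no matching rule is dropped. The prefix lengths (/16 for the 172.x networks, /8 for 10.0.0.0), the interface names, and the `wan-default` placeholder are assumptions; the post only gives network addresses.

```python
"""Model of first-match policy-based routing over a static routing table.

Added example (not part of the forum post). It mimics the general shape of
pf/pfSense behaviour: rules on the inbound interface are evaluated top-down,
first match wins, and a rule that names a gateway overrides the routing
table. Prefix lengths and interface names are assumptions.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    iface: str                 # interface the packet enters on
    src: IPv4Network
    dst: IPv4Network
    gateway: Optional[str]     # None = fall back to the routing table


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    gateway: str


# Constructed topology taken from the post (prefix lengths assumed).
DMZ1 = ip_network("172.18.0.0/16")
DMZ2 = ip_network("172.19.0.0/16")
LAN = ip_network("172.20.0.0/16")
INTERNAL = ip_network("10.0.0.0/8")
ANY = ip_network("0.0.0.0/0")

CORE_SWITCH = "172.20.1.1"     # core switch LAN-side address from the post
UNTANGLE = "172.20.2.1"        # Untangle LAN-side address from the post
WAN_DEFAULT = "wan-default"    # placeholder for the WAN1/WAN2 gateway

# Rules on the DMZ interfaces: DMZ -> internal network goes straight to the
# core switch (items 5 and 6 of the post); everything else uses the table.
RULES: List[Rule] = [
    Rule("dmz1", DMZ1, INTERNAL, CORE_SWITCH),
    Rule("dmz2", DMZ2, INTERNAL, CORE_SWITCH),
    Rule("dmz1", ANY, ANY, None),
    Rule("dmz2", ANY, ANY, None),
    Rule("lan", ANY, ANY, None),
]

# Static routing table: item 4 of the post sends 10.0.0.0 via Untangle.
ROUTING_TABLE: List[Route] = [
    Route(INTERNAL, UNTANGLE),
    Route(ANY, WAN_DEFAULT),
]


def lookup_route(dst: IPv4Address, table: List[Route]) -> Optional[str]:
    """Longest-prefix match over the static routing table."""
    best: Optional[Route] = None
    for route in table:
        if dst in route.prefix and (
            best is None or route.prefix.prefixlen > best.prefix.prefixlen
        ):
            best = route
    return best.gateway if best else None


def next_hop(iface: str, src: str, dst: str,
             rules: List[Rule] = RULES,
             table: List[Route] = ROUTING_TABLE) -> Optional[str]:
    """Return the gateway a packet is sent to, or None if no rule passes it."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.iface == iface and s in rule.src and d in rule.dst:
            if rule.gateway is not None:
                return rule.gateway          # policy gateway wins (route-to)
            return lookup_route(d, table)    # otherwise: system routing table
    return None                              # default deny: nothing matched


if __name__ == "__main__":
    for iface, src, dst in [
        ("dmz2", "172.19.0.10", "10.0.5.5"),   # DMZ2 -> internal: core switch
        ("dmz1", "172.18.0.10", "10.0.5.5"),   # DMZ1 -> internal: core switch
        ("dmz1", "172.18.0.10", "8.8.8.8"),    # DMZ1 -> Internet: WAN
        ("lan", "172.20.9.9", "10.0.5.5"),     # LAN -> internal: Untangle
        ("wan", "203.0.113.7", "10.0.5.5"),    # no pass rule on wan: dropped
    ]:
        print(f"{iface:5} {src:>13} -> {dst:<9} via {next_hop(iface, src, dst)}")
```

The two DMZ-specific rules sit above the catch-all rules on purpose: with first-match semantics, moving them below the `ANY`/`ANY` rule would silently send DMZ-to-internal traffic through the Untangle route again, which is exactly the behaviour the post wants to avoid.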
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.