Route "misrouted" traffic back through the same interface?
-
Currently, the Microsoft iSCSI initiator on Windows 7 has a bug that causes it to send local traffic to the gateway.
For example:
Client: 192.168.1.10
Server: 192.168.1.2
Now the iSCSI initiator sends the traffic to the gateway, e.g. 192.168.1.1, and expects it to route it.
The problem is that pfSense drops this traffic, or attempts to route it out of WAN, which will get dropped by the ISP due to it containing 192.168.x.x IPs.
How can I configure pfSense to route such traffic back through the same interface it originated from?
I'm NOT talking about NAT reflection, e.g. routing traffic back through the same interface for a configured external mapping.
(NAT reflection = traffic pointed to the WAN IP, but originating from LAN, will be rewritten according to the NAT rules)
Any ideas?
-
Based on how I understand your configuration and topology, I think the most likely explanation is that the traffic is not being misrouted, but is being blocked by the firewall. Please try looking at the Status: System logs: Firewall logs to see if it seems to be getting blocked.
Because of the way you mention that one host is forcing traffic through the gateway, I suspect you might be encountering an asymmetric routing situation where pfSense is not building the state for the connection because it only sees the reply packet and never sees the original "CONNECT" packet. If true, you'll see the blocked packets in the logs.
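The state-tracking behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of a stateful filter (not pfSense's actual code) fed the TCP handshake between the two hosts from the question. The class and function names, the source port and the pass/block rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK

class StatefulFilter:
    """Toy stateful filter: only a SYN may create state (assumed rule)."""
    def __init__(self):
        self.states = set()

    def process(self, pkt):
        # Direction-independent key so replies match the state made by the SYN.
        key = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})
        if key in self.states:
            return "pass"
        if pkt.flags == "S":
            self.states.add(key)
            return "pass"
        return "block"  # no state and not a SYN: this shows up in the firewall log

# Constructed sample traffic: addresses from the question, iSCSI port 3260,
# source port 50000 chosen arbitrarily.
CLIENT, SERVER = "192.168.1.10", "192.168.1.2"
HANDSHAKE = [
    Packet(CLIENT, SERVER, 50000, 3260, "S"),
    Packet(SERVER, CLIENT, 3260, 50000, "SA"),
    Packet(CLIENT, SERVER, 50000, 3260, "A"),
]

def verdicts(seen_by_firewall):
    """Run the handshake through a fresh filter, keeping only packets it sees."""
    fw = StatefulFilter()
    return [fw.process(p) for p in HANDSHAKE if seen_by_firewall(p)]

if __name__ == "__main__":
    print("sees both directions:", verdicts(lambda p: True))
    print("sees replies only:   ", verdicts(lambda p: p.src == SERVER))
```

When the filter sees only the server's replies, the SYN-ACK arrives with no matching state and is blocked, which is the kind of entry the reply suggests looking for in the firewall log.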
-
Your initiator shouldn't be sending the connection to the gateway. Have you tried using the server's local IP address instead of the FQDN?
The machine/DNS server might not be resolving your FQDN to the internal server IP.