Policy Based Routing Not Using Interface Criteria
Hello,
I was goofing with Policy Based Routing (PBR) and noticed that the "interface" criteria isn't applied. For example, if I have 3 pfsense interfaces as follows:
    external net ---- em1 [ PfSense ] em2 ---- LAN A ---- DLP Host (172.16.2.50)
                            |
                           em0
                            |
                      LAN B (172.16.1.0/24)

Objective: route some traffic to a transparent DLP solution - I need to keep the entire flow going through the DLP solution.
Details:
- I created a PBR rule on interface em0 that said route traffic from source host 172.16.1.20 to DLP host (172.16.2.50).
- Not that it matters, but I created a "return" PBR rule on interface em1 that said traffic on interface em1 with a destination of 172.16.1.20 should be routed to the DLP host (172.16.1.50).
When I ping a host on the external network from 172.16.1.20 I get a TTL time exceeded message from the DLP host. I can see that the ICMP echo request rattles around between interface em2 and the DLP host until the TTL reaches zero. I would not have expected this because I would have expected that any traffic arriving through interface em2 with a source address of 172.16.1.20 would have taken the default route and not been policy routed.
Also, not that it matters, but I also tried creating these rules as floating rules with the exact same results (I tied the rule to an interface and gave it a direction of "in").
Anyway, I was wondering if this was a known limitation, by design, or a bug.
I'm on version 2.0.2-RELEASE (amd64).
Thanks,
Jeff
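A constructed model of the forwarding described in the post above, added here as an example (it is not pfSense code and not from the original poster): the rule objects, host constants and the egress mapping are assumptions, and the `honor_interface` flag toggles whether a rule's interface criterion is checked, so the looping and non-looping paths can be compared side by side.

```python
"""Constructed model of the PBR loop from the post (not pfSense code)."""
from dataclasses import dataclass
from typing import Optional

DLP = "172.16.2.50"      # transparent DLP host on LAN A (from the post)
CLIENT = "172.16.1.20"   # host on LAN B (from the post)


@dataclass
class Rule:
    iface: str            # interface the rule is attached to
    src: Optional[str]    # None means "any"
    dst: Optional[str]
    route_to: str         # next hop forced for matching packets


# The two PBR rules described in the post.
RULES = [
    Rule("em0", CLIENT, None, DLP),   # LAN B client -> DLP host
    Rule("em1", None, CLIENT, DLP),   # return traffic from WAN -> DLP host
]


def egress_iface(next_hop: Optional[str]) -> str:
    """Assumed delivery: DLP host sits behind em2, default route is em1."""
    return "em2" if next_hop == DLP else "em1"


def lookup(in_iface: str, src: str, dst: str, honor_interface: bool) -> Optional[Rule]:
    """First rule matching the packet, or None to fall back to routing."""
    for r in RULES:
        if honor_interface and r.iface != in_iface:
            continue
        if r.src not in (None, src) or r.dst not in (None, dst):
            continue
        return r
    return None


def trace(in_iface: str, src: str, dst: str, honor_interface: bool, ttl: int = 8):
    """Follow one packet hop by hop; returns (outcome, list of egress ifaces)."""
    path, iface = [], in_iface
    while ttl > 0:
        rule = lookup(iface, src, dst, honor_interface)
        out = egress_iface(rule.route_to if rule else None)
        path.append(out)
        if out == "em1":
            return "exit_default_route", path
        iface = "em2"      # transparent DLP host hands the packet back via em2
        ttl -= 1
    return "ttl_exceeded", path
```

With the interface criterion honoured the packet returning from the DLP host on em2 matches neither rule and leaves via the default route; with it ignored the em0 rule matches again on every pass and the packet circulates until its TTL expires.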
bump