Weird NAT ISSUE while trying to use policy routing

  • Hello Everybody.

    I'm trying to configure policy routing on pfSense. I'm close to getting it working but… it's not.

    A quick diagram:

    By default SRV1 uses the IPsec connection to reach SRV2.

    I want SRV1 to use MPLS instead.

    So:

    1. I created a rule for SRV1, when it needs to reach SRV2, to use the MPLS gateway.
    2. I created a NAT rule so that when SRV1 reaches SRV2 over the MPLS link, it uses the IP of the MPLS interface.
    3. I created a rule on FW2 to allow the MPLS IP of FW2 to reach SRV2.

    I thought it would be enough, and it seems I'm close to it.

    I tried with a ping:

    1. SRV1 sends its ping to FW1.
    2. FW1 sends the ping to SRV2 with the FW1 MPLS IP.
    3. FW2 receives the ping from FW1 with destination SRV2; the packet is forwarded.
    4. SRV2 receives the ping and sends the reply.
    5. FW2 receives the ping reply and sends it to the FW1 IP.
    6. FW1 receives the ping reply on the MPLS interface.

    Then the traffic stops. FW1 does not forward the packet to SRV1.

    The same thing happens if I use TCP (RDP for example).

    Any idea?



  • Hi there,

    I just ran some tests.

    I tried the same thing from SRV2 to SRV1, and it's working.

    Any idea why it is not working from SRV1?

