Policy routing not used by pfSense's own interface



  • Hi

    the architecture :

    pfSense WAN: PPPoE
    pfSense LAN 192.168.7.1/24 ---------------- Firewall eth1 192.168.7.10/24
                                                Firewall eth0 192.168.3.10/24
                                                LAN 192.168.3.0/24

    the goal
    LAN 192.168.3.0/24 must access PfSense GUI (HTTPS)

    Config 1: (OK)

    in PfSense :
    Add Gateway (LANGW) : interface LAN, IP:192.168.7.10
    Add route : destination 192.168.3.0/24 via LANGW
    Add rule : (LAN Rule Pass) Source TCP 192.168.3.0/24, port ---, Destination LAN address, port 443
    Access granted to 192.168.7.1:443 from 192.168.3.0/24

    Config 2: (NOT OK)

    in PfSense :
    Add Gateway (LANGW) : interface LAN, IP:192.168.7.10
    Add rule : (LAN Rule Pass) Source TCP 192.168.3.0/24, port ---, Destination LAN address, port 443
    Add rule : (LAN Rule Pass) Source TCP LAN Address , port 443, Destination 192.168.3.0/24, port ---, Gateway LANGW
    (no route added in this config, using routing policy instead)
    Access impossible to 192.168.7.1:443 from 192.168.3.0/24

    Note

    I've added a virtual IP (192.168.7.2) in pfSense and redone Config 2 replacing LAN address with the virtual IP.
    Still the same result: access impossible to 192.168.7.2:443 from 192.168.3.0/24.
    I've also done many tests replacing LAN address with LAN net and with any (*).
    Still the same result (no access).

    Any idea?
    Is there a way to solve the problem and to make Config 2 operate?
    Thanks



  • That won't work without adding a static route to pfSense. The policy routing by a firewall rule doesn't handle responses from pfSense.



  • Thanks a lot for the information

    I've done a Plan B: I've configured NAT on the firewall for traffic from 192.168.3.0/24 destined for the pfSense LAN address.
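A small model of why Config 2 fails and why the static route (Config 1) and the NAT plan B both work. This is an added illustration, not code from the thread or from pfSense: it uses the thread's addresses, a constructed routing table with hypothetical next-hop labels, and the simplification that a rule with a Gateway is only consulted for packets entering its interface, while pfSense's own GUI replies use the system routing table.

```python
import ipaddress

# Constructed model of the thread's topology; addresses are the ones in the post.
PFSENSE_LAN_IP = "192.168.7.1"
FIREWALL_ETH1 = "192.168.7.10"   # the LANGW gateway address

# pfSense system routing table as (prefix, next_hop); labels are hypothetical.
BASE_ROUTES = [("0.0.0.0/0", "WAN (PPPoE default)"), ("192.168.7.0/24", "on-link LAN")]
STATIC_ROUTE = ("192.168.3.0/24", FIREWALL_ETH1)      # present in Config 1 only

# Config 2's policy-routing rule: (interface the rule is on, source match, gateway)
POLICY_RULES = [("LAN", "192.168.7.1/32", FIREWALL_ETH1)]

def route_lookup(routes, dst):
    """Longest-prefix match, which is what locally generated packets get."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1]

def policy_gateway(rules, in_if, src):
    """A rule with a Gateway only matches packets entering its interface.
    Replies generated by pfSense itself never enter an interface (in_if is None)."""
    for iface, src_net, gw in rules:
        if in_if == iface and ipaddress.ip_address(src) in ipaddress.ip_network(src_net):
            return gw
    return None

def next_hop(routes, rules, in_if, src, dst):
    """Policy routing wins when it matches; otherwise fall back to the routing table."""
    return policy_gateway(rules, in_if, src) or route_lookup(routes, dst)

def gui_reply_next_hop(static_route, policy, client_ip, snat_on_firewall=False):
    """Where pfSense sends its HTTPS reply to a client in 192.168.3.0/24."""
    routes = BASE_ROUTES + ([STATIC_ROUTE] if static_route else [])
    rules = POLICY_RULES if policy else []
    # Plan B: the firewall NATs the client, so the reply is addressed to 192.168.7.10
    dst = FIREWALL_ETH1 if snat_on_firewall else client_ip
    return next_hop(routes, rules, None, PFSENSE_LAN_IP, dst)
```

The third assertion in the test shows the contrast: had the same packet actually entered the LAN interface (transit traffic), the Config 2 rule would have steered it to LANGW.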

