Policy routing not used by PfSense own interface
-
Hi
The architecture:
PfSense WAN PPPoE
PfSense LAN 192.168.7.1/24 ---------------- Firewall eth1 192.168.7.10/24
Firewall eth0 192.168.3.10/24
LAN 192.168.3.0/24

The goal:
LAN 192.168.3.0/24 must access PfSense GUI (HTTPS)

Config 1: (OK)
in PfSense :
Add Gateway (LANGW) : interface LAN, IP:192.168.7.10
Add route : destination 192.168.3.0/24 via LANGW
Add rule : (LAN Rule Pass) Source TCP 192.168.3.0/24, port ---, Destination LAN address, port 443
Access granted to 192.168.7.1:443 from 192.168.3.0/24

Config 2: (NOT OK)
in PfSense :
Add Gateway (LANGW) : interface LAN, IP:192.168.7.10
Add rule : (LAN Rule Pass) Source TCP 192.168.3.0/24, port ---, Destination LAN address, port 443
Add rule : (LAN Rule Pass) Source TCP LAN Address , port 443, Destination 192.168.3.0/24, port ---, Gateway LANGW
(no route added in this config, using routing policy instead)
Access impossible to 192.168.7.1:443 from 192.168.3.0/24

Note
I've added a virtual IP (192.168.7.2) in PfSense and redone Config 2, replacing LAN address with the virtual IP.
Still the same result: access impossible to 192.168.7.2:443 from 192.168.3.0/24
I've also done many tests replacing LAN address with LAN net and with any (*)
Still the same result (no access)

Any idea?
Is there a way to solve the problem and make Config 2 work?
Thanks
-
That won't work without adding a static route to pfSense. The policy routing by a firewall rule doesn't handle responses from pfSense.
-
Thanks a lot for the information.
I've done a Plan B: I've configured NAT in the Firewall for traffic from 192.168.3.0/24 intended for the PfSense LAN address.
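
Added example, not part of the thread: a small Python model of the return path for the three setups discussed above (Config 1, Config 2, and the NAT workaround). It follows the answer's point that responses from pfSense are routed by the routing table only; the default route via WAN, the client address 192.168.3.50 and NAT to 192.168.7.10 are assumptions.

```python
import ipaddress

# Constructed routing tables for the pfSense box in the thread.
# The default route via the PPPoE WAN is an assumption; names are illustrative.
BASE = [
    ("192.168.7.0/24", "LAN", None),       # connected LAN network
    ("0.0.0.0/0", "WAN", "pppoe-peer"),    # default route (assumed)
]
# Config 1: static route to the inner LAN via gateway LANGW.
CONFIG1 = BASE + [("192.168.3.0/24", "LAN", "192.168.7.10")]
# Config 2: no static route; LANGW is set only on a firewall rule.
CONFIG2 = BASE


def egress(table, dst):
    """Longest-prefix match: return (interface, next_hop) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface, gw)
               for net, iface, gw in table
               if addr in ipaddress.ip_network(net)]
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw


def reply_path(table, client_src):
    """Path of the GUI's reply. Per the answer in the thread, the rule's
    gateway is not applied to responses from pfSense itself, so only the
    routing table is consulted."""
    return egress(table, client_src)


def gui_reachable(table, client_src):
    """The reply has to leave on LAN to get back towards the client."""
    return reply_path(table, client_src)[0] == "LAN"


if __name__ == "__main__":
    client = "192.168.3.50"   # constructed host in 192.168.3.0/24
    natted = "192.168.7.10"   # Plan B: inner firewall NATs to eth1 (assumed)
    for name, table, src in [("Config 1", CONFIG1, client),
                             ("Config 2", CONFIG2, client),
                             ("Plan B (NAT)", CONFIG2, natted)]:
        print(name, src, "->", reply_path(table, src),
              "reachable" if gui_reachable(table, src) else "not reachable")
```
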