Policy Based Routing



  • Hi everybody,
    I need your support to solve a, probably, easy issue that is driving me crazy!

    In my current configuration the pfSense box has 2 gateways: WAN int (default gateway) and VPN int.
    pfSense also acts as DHCP server for the subnet 192.168.1.0/24.

    Now the goal is to route certain IP addresses to the VPN gateway and the rest to the default gateway.

    Ideally I would like to have this split:

    • 192.168.1.10-50 WAN
    • 192.168.1.50-99 VPN
    • 192.168.1.100-254 WAN

    Believe it or not, I was not able to find in the interface a rule to select a block of IPs.

    Could you please help me to figure out what is the best solution?
    I would be ready to take into consideration a policy based on MAC address (but I would prefer to use IP blocks).

    Thanks in advance to everybody



  • You can use aliases for this. Firewall > Aliases > IP.

    Add an alias, call it e.g. DirectToWAN and add the ranges 192.168.1.10-192.168.1.50 and 192.168.1.100-192.168.1.254 to it.
    Add another one and call it e.g. DirectToVPN and add the range 192.168.1.50-192.168.1.99.
    Use these aliases for sources (single host or alias) in your firewall rules.
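
An added example, not part of either post: a Python check, run off the firewall, that expands the alias ranges from the reply into CIDR blocks and reports addresses that land in both aliases. As written in the thread, 192.168.1.50 is in both, so the rule listed first decides its gateway; the function names and the top-down, first-match rule evaluation are assumptions of this example.

```python
import ipaddress

# Ranges exactly as given in the thread; alias names are the reply's examples.
ALIASES = {
    "DirectToWAN": [("192.168.1.10", "192.168.1.50"),
                    ("192.168.1.100", "192.168.1.254")],
    "DirectToVPN": [("192.168.1.50", "192.168.1.99")],
}

def _span(first, last):
    return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))

def to_cidrs(ranges):
    """CIDR blocks that exactly cover each first-last range."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def overlaps(aliases):
    """Map (alias_a, alias_b) -> list of (first, last) ranges present in both."""
    names, found = sorted(aliases), {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = []
            for lo1, hi1 in (_span(*r) for r in aliases[a]):
                for lo2, hi2 in (_span(*r) for r in aliases[b]):
                    lo, hi = max(lo1, lo2), min(hi1, hi2)
                    if lo <= hi:  # non-empty intersection
                        shared.append((str(ipaddress.ip_address(lo)),
                                       str(ipaddress.ip_address(hi))))
            if shared:
                found[(a, b)] = shared
    return found

def first_match(addr, rule_order, aliases):
    """Alias of the first rule (top-down) whose source contains addr, else None."""
    ip = int(ipaddress.ip_address(addr))
    for name in rule_order:
        if any(lo <= ip <= hi for lo, hi in (_span(*r) for r in aliases[name])):
            return name
    return None

if __name__ == "__main__":
    for name, ranges in ALIASES.items():
        print(name, [str(n) for n in to_cidrs(ranges)])
    print("overlap:", overlaps(ALIASES))
```

Hosts below 192.168.1.10 match neither alias, so they fall through to whatever rule follows on the interface.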

