Netgate Discussion Forum
    Rule based on destination interface rather than subnet

    Firewalling
    4 Posts 2 Posters 2.2k Views

    rocketraman

      I have a bunch of static routes defined in pfSense 1.2-RELEASE (embedded) that send various inbound packets on the LAN interface to a specific machine on the LAN interface (that machine then routes the packets outbound via various tunnels, so the destination IP addresses are in various networks different from the LAN subnet). There are about 20 of these static routes defined.

      I want to create the following rules:

      1. LAN -> LAN interface, gateway *
      2. LAN -> any, gateway LoadBalance

      Note that I would like the first rule to be "LAN interface" rather than "LAN subnet". This is because my static routes are for destinations not within the LAN subnet, so the LAN subnet rule does not match them; however, the outbound interface will match.

      I can create one specific rule to match the destination of each of my static routes (before 2), but that's annoying (especially if the GUI interface is the only way to do it!).

      Is there any way in pfSense to specify the destination interface?

      Aside: would another solution be to advertise the appropriate routes from the tunnel machine, so that all the other machines on the LAN send their packets directly there instead of via my pfSense router? I've never done this type of routing, but I imagine it would involve a RIP server/client setup somehow. If this is a better approach, pointers appreciated.

      Cheers,
      Raman


      GruensFroeschli

        You could create an alias containing all your destinations and then use this alias in the rule.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html


        rocketraman

          @GruensFroeschli:

          You could create an alias containing all your destinations and then use this alias in the rule.

          Unfortunately that means I still need to keep a list of the destinations in two places in pfSense – one on the static routes page and one on the firewall rules or aliases. Using aliases does make the data entry simpler but doesn't solve my underlying problem. Any other ideas?


          rocketraman

            Found the solution:

            Advanced Setup, Bypass firewall rules for traffic on the same interface

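The asker's point, that a "LAN subnet" destination cannot match packets for statically routed networks while a "LAN interface" test does, worked through as an added example (not from the thread; every address, prefix and name below is constructed). It does a longest-prefix lookup over a small static route table and also derives the alias GruensFroeschli suggested from that same table, so the destination list is maintained in one place.

```python
import ipaddress

# Constructed values, not from the thread: the pfSense LAN subnet, the LAN host
# that terminates the tunnels, and a few of the static routes that point at it.
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
TUNNEL_HOST = ipaddress.ip_address("192.168.1.10")   # next hop on the LAN
WAN_GATEWAY = ipaddress.ip_address("203.0.113.1")    # next hop off the LAN

# destination network -> gateway, as entered on the static routes page
STATIC_ROUTES = {
    ipaddress.ip_network("10.10.0.0/16"): TUNNEL_HOST,
    ipaddress.ip_network("10.20.0.0/16"): TUNNEL_HOST,
    ipaddress.ip_network("172.16.5.0/24"): TUNNEL_HOST,
    ipaddress.ip_network("10.10.5.0/24"): WAN_GATEWAY,  # more specific, leaves via WAN
}

def lookup_gateway(dst):
    """Longest-prefix match over the static routes; None means the default route."""
    addr = ipaddress.ip_address(dst)
    hits = [net for net in STATIC_ROUTES if addr in net]
    if not hits:
        return None
    return STATIC_ROUTES[max(hits, key=lambda net: net.prefixlen)]

def dst_is_lan_subnet(dst):
    """Rule 1 written as 'LAN -> LAN subnet': true only inside the LAN prefix."""
    return ipaddress.ip_address(dst) in LAN_SUBNET

def dst_leaves_via_lan_interface(dst):
    """Rule 1 as the asker wanted it, 'LAN -> LAN interface': true when the packet
    is routed back out the LAN, either locally or via a next hop on the LAN."""
    addr = ipaddress.ip_address(dst)
    if addr in LAN_SUBNET:
        return True
    gateway = lookup_gateway(dst)
    return gateway is not None and gateway in LAN_SUBNET

def lan_destination_alias():
    """The alias GruensFroeschli suggested, derived from the route table instead
    of being typed a second time, so the destinations live in one place."""
    return sorted(str(net) for net, gw in STATIC_ROUTES.items() if gw in LAN_SUBNET)
```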
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.