Two gateways - policy based routing of a single host based on ports



  • Hi all,

    I have 2 gateways, one is my regular WAN and the other is my IPVanish VPN. Both are set up fine. If I define a firewall rule that sends traffic from one client to the VPN, it works just fine with a regular firewall rule.

    Source 192.168.2.3, IPV4 protocol, all ports all destinations, done. Works fine, all my clients except this one IP go via my regular WAN and this IP is sent through the VPN.

    What I am now trying to achieve is some granularity at the port level for the same host.
    Basically I want all traffic to go through the VPN EXCEPT some specific ports.
    My questions are:

    What is the correct annotation? I am getting a bit lost with source/target ports on the firewall rules. I am using CrashPlan, which uses ports 443, 4242, 4243 and 4244 to communicate. I would like that to go through the WAN. I know I need to create a rule above the one I already have, but what's the format?

    Then also - if I do port forwarding to open a port for something for which I am sending traffic through the VPN, how does that work? What do I put in the NAT rule for Interface, for example?

    How can I deal with the different DNS servers? My WAN traffic is resolved by DNS servers from google which I defined in the generic setup, but my VPN traffic should be resolved by DNS servers from IPVanish to prevent DNS leaks. I guess that is a bit of a stretch probably?

    I do have multiple NICs in both the pfSense box and this particular machine. Is it perhaps easier to bind things to a dedicated interface?

    Sorry if the questions are a bit obvious, I feel like I got pretty far with the whole setup but that piece keeps doing my head in. I would really appreciate it if someone could share some screenshots on what I should define.

    Many thanks in advance!

    Baldrick
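The rule ordering the post is asking about, written out as hand-written pf rules in the form pfSense generates from the LAN tab. This is an added illustration and not part of the original post or of any reply; the interface names, gateway addresses and the VPN interface name are assumed placeholders, and the only page-supplied values are the client 192.168.2.3 and the CrashPlan ports.

```pf
# Added illustration (not from the original post): pf rules showing how a
# port-based exception is ordered above a catch-all policy-routing rule.
# Interface names and gateway addresses below are assumed placeholders.
lan_if    = "em1"
wan_if    = "em0"
vpn_if    = "ovpnc1"                  # assumed: the assigned IPVanish OpenVPN client interface
wan_gw    = "203.0.113.1"             # placeholder WAN next hop (documentation range)
vpn_gw    = "10.8.0.1"                # placeholder tunnel next hop
vpn_host  = "192.168.2.3"             # the one client that should use the VPN
wan_ports = "{ 443 4242 4243 4244 }"  # CrashPlan destination ports that must stay on the WAN

# Policy routing is decided on the interface where the traffic ENTERS the
# firewall (LAN), and pf evaluates rules top-down: the first "quick" match wins.

# 1. Keep traffic to the firewall itself and the rest of the LAN off both
#    gateways, so the catch-all below does not swallow local traffic.
pass in quick on $lan_if inet from $vpn_host to $lan_if:network keep state

# 2. Exception: CrashPlan DESTINATION ports leave via the regular WAN.
#    The destination port is what to match; the client's source port is random.
pass in quick on $lan_if inet proto tcp from $vpn_host to any port $wan_ports \
    route-to ( $wan_if $wan_gw ) keep state

# 3. Catch-all: everything else from this client goes through the VPN.
#    This must sit BELOW the exception, otherwise it matches first.
pass in quick on $lan_if inet from $vpn_host to any \
    route-to ( $vpn_if $vpn_gw ) keep state
```

In the pfSense GUI these are the same three LAN rules in the same order, with "Destination port range" holding the CrashPlan ports on the second rule and the gateway chosen under the rule's advanced options; the source port field is left at any. Note that with this ordering the client's DNS queries (port 53) also match the catch-all and travel through the tunnel, so whichever resolver the client is configured with is reached via the VPN rather than the WAN.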

