Firewall Rules don't work with Gateways



  • Hey guys,
    I have configured a VPN client and it can successfully connect to the VPN provider by default (if I leave "don't pull routes" unchecked). If I check that option, then by default the default gateway is used and the traffic doesn't go through the VPN, as expected. So all of that is working fine, except I want specific computers to use the VPN and not the others.

    I just reinstalled pfSense so that's why I have to reconfigure everything again, but before the reinstallation, I remember that I got that working by creating a Firewall LAN rule and checking "pass", then source is the computer IP (or alias) that should use the VPN, destination is "any", and finally the gateway would be the one corresponding to the VPN. However, as soon as I create a rule that has a specific Gateway specified instead of "Default", it blocks traffic. It doesn't matter if I set WAN or the VPN Gateway, I have no internet connectivity for those devices (specified as source) and I can no longer access them across the LAN.

    As I said, if I don't create special firewall rules, it works (but it's applied to all computers, which I don't want), so I would guess that the NAT Outbound rules that I created are configured properly?
    What else can I check to diagnose this issue?

    Thanks !



  • @JediForce98:

    Hey guys,
    I have configured a VPN client and it can successfully connect to the VPN provider by default (if I leave "don't pull routes" unchecked). If I check that option, then by default the default gateway is used and the traffic doesn't go through the VPN, as expected. So all of that is working fine, except I want specific computers to use the VPN and not the others.

    I just reinstalled pfSense so that's why I have to reconfigure everything again, but before the reinstallation, I remember that I got that working by creating a Firewall LAN rule and checking "pass", then source is the computer IP (or alias) that should use the VPN, destination is "any", and finally the gateway would be the one corresponding to the VPN. However, as soon as I create a rule that has a specific Gateway specified instead of "Default", it blocks traffic. It doesn't matter if I set WAN or the VPN Gateway, I have no internet connectivity for those devices (specified as source) and I can no longer access them across the LAN.

    As I said, if I don't create special firewall rules, it works (but it's applied to all computers, which I don't want), so I would guess that the NAT Outbound rules that I created are configured properly?
    What else can I check to diagnose this issue?

    Thanks !

    That is exactly how you set it up… Don't forget to check your NAT outbound rules, I was scratching my head for days trying to figure out why it wasn't working until I added the correct NAT entries.

    Specifically LAN to VPN and VPN to LAN as well as Local to VPN

    I have "Don't Pull Routes" checked and "Don't Add/Remove routes" unchecked.

    RHLinux
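    The two checks a practitioner would run before posting screenshots, as an added example that is not from this thread or from pfSense itself: the Python script below models the LAN firewall rules and the Outbound NAT table as plain dicts (constructed sample data; the gateway names `WAN_DHCP` and `VPN_GW`, the interface `ovpnc1` and the 10.0.0.0/24 addresses are made up) and reports any policy-routed source that has no Outbound NAT mapping on the interface behind its gateway, which is the gap RHLinux describes. It also applies the ordering check pfSense's documentation recommends for policy routing: a pass rule with no gateway for local destinations must sit above the gateway rule, otherwise traffic to other local subnets is forced out the VPN, which is consistent with losing access to those hosts across the LAN.

```python
"""Consistency checks for pfSense-style policy routing (constructed example).

A LAN rule with a specific gateway pushes matching traffic out that gateway's
interface.  Two things must then be true for it to work:
  1. an Outbound NAT rule on that interface covers the rule's source, and
  2. a no-gateway pass rule for local destinations is evaluated first,
     so LAN-to-LAN traffic is not policy-routed out the VPN.
"""
import ipaddress

# Hypothetical gateway name -> egress interface mapping (constructed).
GATEWAYS = {"WAN_DHCP": "wan", "VPN_GW": "ovpnc1"}

# Local networks reachable without a gateway (constructed).
LOCAL_NETS = ["10.0.0.0/24", "10.0.10.0/24"]

# Hypothetical LAN rules in evaluation order (first match wins), as the
# original poster describes them: one host pinned to the VPN gateway.
LAN_RULES = [
    {"action": "pass", "src": "10.0.0.50/32", "dst": "any", "gateway": "VPN_GW"},
    {"action": "pass", "src": "10.0.0.0/24", "dst": "any", "gateway": None},
]

# Hypothetical Outbound NAT table: only the WAN mapping exists.
OUTBOUND_NAT = [{"iface": "wan", "src": "10.0.0.0/24"}]

# Corrected versions: local bypass rule on top, NAT added for the VPN interface.
FIXED_LAN_RULES = [
    {"action": "pass", "src": "10.0.0.0/24", "dst": "10.0.0.0/8", "gateway": None},
    {"action": "pass", "src": "10.0.0.50/32", "dst": "any", "gateway": "VPN_GW"},
    {"action": "pass", "src": "10.0.0.0/24", "dst": "any", "gateway": None},
]
FIXED_OUTBOUND_NAT = [
    {"iface": "wan", "src": "10.0.0.0/24"},
    {"iface": "ovpnc1", "src": "10.0.0.0/24"},
]


def _covers(outer, inner):
    """True if network string `outer` ("any" allowed) contains network `inner`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def missing_outbound_nat(lan_rules, nat_rules, gateways):
    """Return (source, interface) pairs that are policy-routed but have no NAT."""
    missing = []
    for rule in lan_rules:
        gw = rule.get("gateway")
        if rule["action"] != "pass" or gw is None:
            continue  # default gateway: ordinary routing, nothing to check
        iface = gateways[gw]
        if not any(n["iface"] == iface and _covers(n["src"], rule["src"]) for n in nat_rules):
            missing.append((rule["src"], iface))
    return missing


def unprotected_policy_rules(lan_rules, local_nets):
    """Return indices of gateway rules with no earlier no-gateway rule for local destinations.

    A rule shields local traffic if it passes, carries no gateway, and its
    destination covers every local network; it only helps a later gateway rule
    whose source it also covers.
    """
    bypass_sources = []
    unprotected = []
    for i, rule in enumerate(lan_rules):
        if rule["action"] != "pass":
            continue
        if rule.get("gateway") is None:
            if all(_covers(rule["dst"], net) for net in local_nets):
                bypass_sources.append(rule["src"])
        elif not any(_covers(src, rule["src"]) for src in bypass_sources):
            unprotected.append(i)
    return unprotected


if __name__ == "__main__":
    print("missing NAT (original):", missing_outbound_nat(LAN_RULES, OUTBOUND_NAT, GATEWAYS))
    print("unprotected (original):", unprotected_policy_rules(LAN_RULES, LOCAL_NETS))
    print("missing NAT (fixed):", missing_outbound_nat(FIXED_LAN_RULES, FIXED_OUTBOUND_NAT, GATEWAYS))
    print("unprotected (fixed):", unprotected_policy_rules(FIXED_LAN_RULES, LOCAL_NETS))
```

    Run against the original rule set it reports the pinned host as lacking NAT on `ovpnc1` and flags the gateway rule as unshielded; the corrected set passes both checks. The same two properties can be read off the real pfSense pages (Firewall > Rules > LAN and Firewall > NAT > Outbound) before asking anyone for screenshots.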



  • @RHLinux I have the same problem and I'm having issues with the outbound NAT rules, would you mind posting a screenshot of your rules which made it work?



  • @chorong761 This post is from 2017 and the last time this user was online was May 2018. Start a new thread.

