    Source-routing and NAT port forwarding issue

    greg01re

      Hello,

      In my pfSense on APU2 setup, the packets coming from a particular host in the LAN
      are source-routed to a VPN interface, thanks to a LAN rule matching the source IP.
      The packets are then NATed and go through the VPN. This is working fine, validating
      the source-routing mechanism.

      For a service on the inside host, a port forward from the VPN interface is needed.

      I've added the port forward rule along with its linked rule, and the packets coming from
      the VPN on the defined port are reaching the inside host.

      TCP sessions are not getting established though. It happens that in response to the
      client's SYN packet, the inside host effectively sends the SYN/ACK, but:
      this SYN/ACK isn't source-routed to the VPN interface, but goes to the default, as if the
      source-routing rule was not matched.

      The "Bypass firewall rules for traffic on the same interface" doesn't work, and it makes
      sense because the SYN/ACK packet isn't hitting the proper interface (VPN one).

      Am I missing something obvious? Is there a way to "trace" the packets and understand why
      the SYN/ACK one wouldn't be matched by the source-routing rule, although it obviously
      matches the source IP?

      Thank you

      G

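The behaviour the post describes ("as if the source-routing rule was not matched") follows from two things pf does that are easy to miss when reading the rule set: the state table is consulted before the rules, so a packet matching an existing state (in either direction) is passed by that state and never evaluated against the LAN rules; and route-to / reply-to are bound to the state when the rule that creates it matches, so the reply path of a connection is fixed by the rule that allowed its first packet. The following toy model is an added example, not pf or pfSense code; interface names, addresses, ports and gateway names are constructed, and the NAT (rdr) translation is assumed to have already been applied to the inbound SYN.

```python
"""Toy model of pf's stateful handling of a port-forwarded TCP connection.

Added illustration, not pf/pfSense code. Models two real pf behaviours:
  1. The state table is checked before the ruleset; a packet matching an
     existing state is passed by that state, rules are not evaluated.
  2. route-to / reply-to are recorded on the state when it is created, so
     the reply path is decided by the rule that allowed the first packet.
All names, addresses and ports below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet is seen on
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN/ACK


@dataclass
class Rule:
    name: str
    iface: str                      # rule applies to packets entering this interface
    src: Optional[str] = None       # None = any source
    dport: Optional[int] = None     # None = any destination port
    route_to: Optional[str] = None  # gateway for packets matching the rule
    reply_to: Optional[str] = None  # gateway recorded for the reply direction


@dataclass
class State:
    created_by: str
    route_to: Optional[str]
    reply_to: Optional[str]


Key = Tuple[str, int, str, int]  # (src, sport, dst, dport)


class ToyPf:
    def __init__(self, rules, default_gw: str = "WAN_GW"):
        self.rules = list(rules)
        self.default_gw = default_gw
        self.states: Dict[Key, State] = {}

    def process(self, p: Packet) -> dict:
        """Return which mechanism passed the packet and the gateway it leaves by."""
        fwd: Key = (p.src, p.sport, p.dst, p.dport)
        rev: Key = (p.dst, p.dport, p.src, p.sport)
        # 1. State lookup first: original direction, then reply direction.
        if fwd in self.states:
            st = self.states[fwd]
            return {"by": "state", "created_by": st.created_by,
                    "gw": st.route_to or self.default_gw, "rules_evaluated": False}
        if rev in self.states:
            st = self.states[rev]
            return {"by": "state", "created_by": st.created_by,
                    "gw": st.reply_to or self.default_gw, "rules_evaluated": False}
        # 2. No state: walk the ruleset (pfSense rules are 'quick', first match wins).
        for r in self.rules:
            if r.iface != p.iface:
                continue
            if r.src is not None and r.src != p.src:
                continue
            if r.dport is not None and r.dport != p.dport:
                continue
            # The matching rule creates the state and records its routing options.
            self.states[fwd] = State(r.name, r.route_to, r.reply_to)
            return {"by": "rule", "created_by": r.name,
                    "gw": r.route_to or self.default_gw, "rules_evaluated": True}
        return {"by": "drop", "created_by": None, "gw": None, "rules_evaluated": True}


INSIDE_HOST = "192.168.1.50"   # constructed
CLIENT = "203.0.113.9"         # constructed
SERVICE_PORT = 8080            # constructed
LAN_POLICY_RULE = Rule("LAN policy route", "LAN", src=INSIDE_HOST, route_to="VPN_GW")


def run_port_forward_scenario(reply_to: Optional[str]) -> Tuple[dict, dict]:
    """Inbound SYN via the VPN port forward, then the inside host's SYN/ACK seen on LAN."""
    pf = ToyPf([LAN_POLICY_RULE,
                Rule("VPN port forward", "VPN", dport=SERVICE_PORT, reply_to=reply_to)])
    syn = Packet("VPN", CLIENT, 40000, INSIDE_HOST, SERVICE_PORT, "S")
    synack = Packet("LAN", INSIDE_HOST, SERVICE_PORT, CLIENT, 40000, "SA")
    return pf.process(syn), pf.process(synack)


def run_outbound_scenario() -> dict:
    """Connection initiated by the inside host: no state yet, so the LAN rule is evaluated."""
    pf = ToyPf([LAN_POLICY_RULE])
    return pf.process(Packet("LAN", INSIDE_HOST, 50000, CLIENT, 443, "S"))


if __name__ == "__main__":
    for label, reply in (("no reply-to on VPN rule", None), ("reply-to VPN_GW", "VPN_GW")):
        first, second = run_port_forward_scenario(reply)
        print(f"{label}: SYN passed by {first['by']} ({first['created_by']}); "
              f"SYN/ACK passed by {second['by']}, exits via {second['gw']}, "
              f"LAN rules evaluated: {second['rules_evaluated']}")
    out = run_outbound_scenario()
    print(f"outbound from inside host: passed by {out['by']}, exits via {out['gw']}")
```

In the model the SYN/ACK is always passed by the state the VPN port-forward rule created, so the LAN policy-routing rule is never consulted for it even though the source IP matches; which gateway it leaves by depends only on the reply-to recorded on that state. On a real system the equivalent information lives in the state table, which `pfctl -ss` lists.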
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.