Problem with routing traffic to a different gateway



  • Hi,

    First of all, sorry for my bad English!

    I am trying to configure pfSense (latest version) for the following purpose.

    Schéma.jpg

    I want my clients in VLAN 1 to contact the website (called toto.com here) through my private network.

    I've taken the following steps to configure pfSense.
    I configured my private gateway (192.168.0.251),

    set a static route (I don't know if this is required) and implemented a firewall rule (for the VLAN 1 zone) to redirect the website traffic of the VLAN 1 client through the private GW.

    But it's actually not working and I don't understand why. All Internet surfing from the client seems to be redirected to the default gateway.
    When I run some traceroutes from a client, they indicate the correct path.

    Ex. 1: traceroute to an Internet site.

    Ex. 2: traceroute to my specific website:

    Surfing on the website indicates I'm connecting from the public IP of my default gateway, not my private GW:

    (All the tests were made from the same PC.)

    Do you have any idea what is going wrong?
    Thank you for your tips or answers.

    Éric



  • Have you restarted the browser session or reset the states on pfSense?

    tracert is not representative here, because it uses ICMP and you have allowed this traffic in your first rule on this interface.
    You may move your policy routing rule up to the top of the rule set, so that it is applied for ICMP packets as well.

    Since you have enabled logging in all of the rules, check the filter log to get an idea which rule allows the traffic. Maybe a floating rule?
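
One way to carry out the filter-log check suggested in the reply above, as an added example that is not part of the original thread: it tallies which rule (by tracking ID) passed traffic to the website's address, so any rule other than the policy-routing rule stands out. The raw `filterlog` CSV field order, the addresses, the tracking IDs and the function names are assumptions made for this sketch; the log lines are constructed.

```python
import csv
import re
from collections import Counter

# Constructed sample lines in pfSense's raw filter log CSV layout (assumed):
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
# offset,flags,proto_id,proto,length,src,dst[,sport,dport,...]
# All addresses and tracker IDs below are made up for the example.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw filterlog[4242]: 5,,,1700000001,igb1.10,match,pass,in,4,0x0,,64,0,0,DF,1,icmp,84,10.0.1.20,203.0.113.10,request,4660,1
Mar  3 10:15:02 fw filterlog[4242]: 9,,,1700000009,igb1.10,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,10.0.1.20,203.0.113.10,51544,443,0,S,111,,64240,,mss
Mar  3 10:15:03 fw filterlog[4242]: 9,,,1700000009,igb1.10,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,10.0.1.20,203.0.113.10,51546,443,0,S,222,,64240,,mss
Mar  3 10:15:04 fw filterlog[4242]: 7,,,1700000002,igb1.10,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,10.0.1.20,198.51.100.7,51550,443,0,S,333,,64240,,mss
Mar  3 10:15:05 fw sshd[311]: constructed line from another daemon
"""

PAYLOAD = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")


def rules_hit(log_text, dst_ip):
    """Count IPv4 log entries to dst_ip per (tracker, action, protocol)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PAYLOAD.search(line)
        if not m:
            continue  # not a filter log entry
        f = next(csv.reader([m.group(1)]))
        if len(f) < 20 or f[8] != "4":
            continue  # only the IPv4 layout is handled here
        tracker, action, proto, dst = f[3], f[6], f[16], f[19]
        if dst == dst_ip:
            hits[(tracker, action, proto)] += 1
    return hits


def passed_by_other_rules(log_text, dst_ip, policy_tracker):
    """Rules other than the policy-routing rule that passed traffic to dst_ip."""
    return sorted(
        (tracker, proto, count)
        for (tracker, action, proto), count in rules_hit(log_text, dst_ip).items()
        if action == "pass" and tracker != policy_tracker
    )


if __name__ == "__main__":
    for row in passed_by_other_rules(SAMPLE_LOG, "203.0.113.10", "1700000002"):
        print("tracker %s passed %s x%d" % row)
```

Any tracking ID it reports belongs to a rule that matched before the policy-routing rule could; that rule's position in the rule set (or a floating rule) is what to review.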

