routing: forward vs redirect
-
Let me preface by saying this is my first pfsense installation and configuration. i'm more used to the cisco/fortinet/mikrotik and even straight linux network/firewall.
i'm trying to do a simple routing, based on dest network.
it's running on a kvm virtualization, with 1 (bridged) network interface.
since there's only 1 interface, i have to define it twice on the vm, because pfsense require WAN setup.i disabled wan, this unit is actually an internal router, i mainly use these routers to do routing. just within LAN.
here's the basic setup:
hosts that need routing: 10.10.x.x/16
internal router (pfsense): 10.10.3.13/16
ext gateway1: 10.10.0.1/16
ext gateway2: 10.10.3.9/16
ext gateway3: 10.10.24.1/16the job of the internal router is to route based on source and destination IP address.
currently, if i just put static route:
dest x.x.x.x via gateway1from host 10.10.x.x, ping x.x.x.x
pfsense actually tell the host to redirect the packet to gateway1
instead of forwarding the packet to gateway1can pfSense be configured to just forward the packet to gateway1 on the same LAN interface?
-
@esunarto said in routing: forward vs redirect:
it's running on a kvm virtualization, with 1 (bridged) network interface.
Why only one interface?
The machine is virtualized, so you can assign as many interfaces as needed to it, independently from the hardware. -
@esunarto said in routing: forward vs redirect:
can pfSense be configured to just forward the packet to gateway1 on the same LAN interface?
And that would be an asymmetrical mess!!
-
@viragomann i did assign 2 virtual nic to the 1 interface. i meant that hardware wise, there's only 1 logical interface on the vm host.
-
@johnpoz You're correct, it'll be asymmetrical.
what would be the ideal setup for this scenario? just masquerade everything into the router's IP ?
is it possible to push routing table to linux VMs without having to configure each one individually? -
The ideal setup would be a transit network connecting your other router to pfsense. Simple, clean - no asymmetrical issues.
-
@johnpoz thanks for taking the time to suggest transit network. I've actually never heard of it before. My quick Google search only yield to definition, not practical guide. Any article you can point me to?
