How to set up Aliases
-
Hi all,
pfSense 2.5.2 with OpenVPN for all LAN Clients.
Let's say I have an alias set up for a couple of LAN IPs and I want to bypass the VPN and go directly to the WAN for TCP Ports 100, 200, 300 and UDP Ports 1000, 2000, 3000.
I noticed you can set up protocols UDP or TCP/UDP for a LAN Rule, so do I create two aliases, one containing the TCP Ports and another containing the UDP Ports, and then two LAN Rules, selecting TCP/UDP in one and UDP in another? Or is there a way of making only one alias for all the ports and only one LAN Rule?
TIA
-
@gregeeh Aliases are pretty much all or nothing. Think of them as a preprocessor macro in C.
One thing I like to do is go to Diagnostics, Command Prompt, then enter the command pfctl -s rules. That shows you the rules as they are loaded and optimized in pf.
If you do this, you see individual rules for each item in the alias. So if there is overlap on the TCP and UDP ports, you could do a single rule and enable it for both TCP/UDP. If there is no overlap, create 2 aliases and 2 rules.
It looks like you have distinct ranges: TCP ports 100, 200, 300 and UDP ports 1000, 2000, 3000, so 2 aliases, 2 rules, one for TCP, one for UDP.
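
Added example, not part of the thread: a simplified model of the alias expansion described in the answer above. It compares the one-rule and two-rule designs and lists the flows each lets bypass the VPN beyond what was asked for. The alias names and host addresses are constructed placeholders; the ports are the ones from the question.

```python
from itertools import product

# Constructed sample data: alias names and host addresses are placeholders;
# the port numbers are the ones given in the question.
ALIASES = {
    "BypassHosts": ["192.168.1.10", "192.168.1.11"],
    "BypassTCP": [100, 200, 300],
    "BypassUDP": [1000, 2000, 3000],
    "BypassAll": [100, 200, 300, 1000, 2000, 3000],
}

# Each rule: (source alias, protocols selected on the rule, destination port alias)
ONE_RULE = [("BypassHosts", ("tcp", "udp"), "BypassAll")]
TWO_RULES = [
    ("BypassHosts", ("tcp",), "BypassTCP"),
    ("BypassHosts", ("udp",), "BypassUDP"),
]


def expand(rules, aliases=ALIASES):
    """Expand every alias in a ruleset into the (host, proto, port) flows it matches."""
    flows = set()
    for src, protos, ports in rules:
        flows |= set(product(aliases[src], protos, aliases[ports]))
    return flows


def intended(aliases=ALIASES):
    """Flows the question asks for: TCP to the TCP ports, UDP to the UDP ports."""
    hosts = aliases["BypassHosts"]
    return (set(product(hosts, ["tcp"], aliases["BypassTCP"]))
            | set(product(hosts, ["udp"], aliases["BypassUDP"])))


def excess(rules, aliases=ALIASES):
    """Flows a ruleset sends around the VPN that were never requested."""
    return sorted(expand(rules, aliases) - intended(aliases))


if __name__ == "__main__":
    for name, rules in (("one rule, TCP/UDP", ONE_RULE), ("two rules", TWO_RULES)):
        extra = excess(rules)
        print(f"{name}: {len(expand(rules))} flows matched, {len(extra)} unintended")
        for host, proto, port in extra:
            print(f"  unintended bypass: {host} {proto}/{port}")
```

With distinct port sets, the single TCP/UDP rule also matches UDP to 100, 200, 300 and TCP to 1000, 2000, 3000 for every host in the alias; when both protocols use the same ports, the single rule adds nothing extra.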