Route Specific Ports to router on LAN
I'm replacing a SonicWall in my office with a PFSense 1.2.3 box. One of the things that the SonicWall does is allow me to route certain services only to a T1 router that's sitting on the LAN network, but I'm not sure how or if I can do this with PFSense. Basically:
If HOST is trying to get to a server at, say, 10.1.1.1 port 3306, route to the T1. If HOST is going to any other port, take the default path over WAN (or forward to another machine). Policy Routing seems to only apply for sending me out a specific gateway. Is it possible to create an arbitrary gateway, perhaps?
I'm actually revisiting this exact problem. About a year ago I posted up this regarding an IPSec tunnel:
My network has changed quite a bit since then but I still have need for something like this. Unfortunately, as I put the solution we worked to in that thread into heavier use, I've run into an issue. Uploads to web sites consistently fail if they're more than 70-80KB. I've honestly no idea what the problem is.
Well, kinda. What I'm looking for is generic policy routing based on the port, or whatever. Right now it seems like PFSense can only do two things with regard to next-hop routing:
1) Add a Destination-based static route, applied to an interface. All traffic on that interface destined for that network will follow the specified next hop, assuming the firewall rules don't block the traffic.
2) Create a firewall rule that defines the traffic you wish to route, but then specify a 'Gateway' in the rule.
#2 seems to be what I want in general, but I can't (or don't know how to) specify arbitrary gateways here. AFAIK, the only gateways that show up here are gateways defined in the load balancer, which seem to be primarily for outbound load balancing… but my "gateway" is another device on my LAN network.
But as I've never done any of the LB stuff in PFSense, I'm just not sure if there's another option.
You can use policy routing without setting up load balancing but the gateways are limited to default gateway and gateways entered for WAN-type OPT interfaces.
So basically you can policy route… as long as your policy is to go LAN-to-WAN-type. :( I can't say that's very flexible for a router, but I suppose PFSense's strength has never been purely router oriented.
You can route to an arbitrary gateway using the Load balancing feature as long as you edit the config file manually as was detailed in the thread I linked to. The problem is that it doesn't work 100% for me. It could be something related to my NetGuardian or it could be a pfSense issue, I haven't nailed it down yet.
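As an added example (not code from the thread, and not what pfSense 1.2.3 itself generates), here is what option #2 from the earlier post amounts to in the underlying pf rules on which pfSense is built: a port-specific rule with a `route-to` next hop on the LAN, followed by a catch-all that takes the normal routing table. It assumes the LAN is 192.168.1.0/24 on `em1` and the T1 router's LAN-side address is 192.168.1.2; the 10.1.1.1 port 3306 destination comes from the question.

```pf
# Added example, not from the thread: hand-written pf equivalent of
# "firewall rule that selects the traffic, with a Gateway on the LAN".
# Assumed addresses: LAN 192.168.1.0/24 on em1, T1 router at 192.168.1.2.
lan_if  = "em1"
lan_net = "192.168.1.0/24"
t1_gw   = "192.168.1.2"        # assumed LAN-side address of the T1 router

# Only TCP/3306 to 10.1.1.1 is handed to the T1 router as next hop.
# route-to overrides the routing table for packets matching this rule;
# "quick" stops evaluation so the catch-all below never sees this traffic.
# The gateway is on the same interface the packet arrived on, so the
# packet is sent straight back out em1 toward the T1 router.
pass in quick on $lan_if route-to ($lan_if $t1_gw) \
    proto tcp from $lan_net to 10.1.1.1 port 3306 keep state

# Everything else from the LAN follows the normal routing table
# (default route over WAN), so only the one service is policy-routed.
pass in quick on $lan_if from $lan_net to any keep state
```

Rule order matters in the same way in the pfSense GUI: the port-specific rule with the gateway must sit above the general LAN-to-any rule, otherwise the catch-all matches first and the traffic takes the default route.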