Netgate Discussion Forum

Routing Question on the Lan Side

Category: Routing and Multi WAN
Nface21, last edited Jun 29, 2010, 3:35 AM

    Hi,

    I am trying to do some Policy Based Routing. Here is my typical environment:

    WAN1 \                         /WAN2

    PFSENSE01 - PFSENSE02

    DMZ1           Local Lan                DMZ2
    172.18.0.0    172.20.0.0               172.19.0.0
                     Untangle .2.1
                     Core Switch .1.1

    Local Network 10.0.0.0

    OK, so in brief I am trying to create specific rules:
    1 - Browsing or web or any 0.0.0.0 address traffic goes to the Untangle server and then out to either WAN1 or WAN2 (working fine)
    2 - I have rules on my internal router to specify route 172.18.0.0 -> 172.20.0.254 (PF VIP)
    3 - 172.19.0.0 -> 172.0.254

    So, to be clear, all traffic going to the DMZ (either 1 or 2; 1 being the DMZ for WAN1 and 2 the DMZ for WAN2) is routed directly from the switch to the pfSense server (NOT going through the Untangle box, as I do not want this traffic to be monitored).

    4 - I have a static rule on pfSense that routes all 10.0.0.0 back to the Untangle interface (172.20.2.1)
    5 - Here is where the fun begins! I would like to do this: when SOURCE is 172.19.0.0 and destination is 10.0.0.0, GW: 172.20.1.1 (core switch, NOT Untangle)
    6 - Same for DMZ2: when source is 172.18.0.0 and destination is 10.0.0.0, use GW 172.20.1.1 (and NOT 172.20.2.1, Untangle)

    It's so easy to show graphically but a little hard to put in words.

    I looked at all the available options for Policy Based Routing, but I can't select that alternate gateway, since it's on the LAN interface and there is no gateway on that interface.

    Again, to maybe summarize:

    All traffic going to and from the DMZ must use the core switch gateway 172.20.1.1.

    All traffic going anywhere (Internet) must go back to the Untangle server.

    Untangle is in routing mode; it doesn't do NAT for now. One side is in 10.0.0.0 and one side is in the LAN zone, 172.20.2.1.
    The core switch is doing the same: routing, no NAT. One side is in 10.0.0.0 and one side is in the LAN zone, 172.20.1.1.

    I just don't want the traffic going to the DMZ from my server to go through the Untangle server, which does session monitoring and all kinds of checks.

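As an added example (not code from the original post, and not pfSense's own implementation), the model below shows why points 4 to 6 need a policy rule rather than another static route: a policy rule is matched on the ingress interface, source and destination before the routing table is consulted, so DMZ-to-10.0.0.0 replies go to the core switch while the static 10.0.0.0 route still sends everything else to Untangle. On pfSense this is a firewall rule on each DMZ interface with its Gateway field set to a gateway defined on the LAN interface under System > Routing. The /16 and /8 masks, the interface names and the WAN default gateway address are assumptions; the post gives only bare network addresses.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the topology in the post. Masks and interface
# names are assumptions; the post only gives bare network addresses.
LAN_NET = ip_network("172.20.0.0/16")
DMZ1_NET = ip_network("172.18.0.0/16")
DMZ2_NET = ip_network("172.19.0.0/16")
SERVERS = ip_network("10.0.0.0/8")
UNTANGLE = ip_address("172.20.2.1")   # Untangle LAN-side address (point 4)
CORE_SW = ip_address("172.20.1.1")    # core switch LAN-side address (points 5, 6)

# Ordinary destination-based routing table: (prefix, egress interface, next hop).
# A next hop of None means directly connected. The default route is constructed.
STATIC_ROUTES = [
    (SERVERS, "lan", UNTANGLE),                          # the static route from point 4
    (LAN_NET, "lan", None),
    (DMZ1_NET, "dmz1", None),
    (DMZ2_NET, "dmz2", None),
    (ip_network("0.0.0.0/0"), "wan1", ip_address("203.0.113.1")),
]

# Policy rules, evaluated first-match before the routing table:
# (ingress interface, source prefix, destination prefix, egress interface, gateway).
POLICY_RULES = [
    ("dmz2", DMZ2_NET, SERVERS, "lan", CORE_SW),   # point 5
    ("dmz1", DMZ1_NET, SERVERS, "lan", CORE_SW),   # point 6
]


def lookup_static(dst):
    """Longest-prefix match over STATIC_ROUTES; returns (prefix, egress, gw) or None."""
    best = None
    for net, ifname, gw in STATIC_ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname, gw)
    return best


def forward(ingress, src, dst, policy=POLICY_RULES):
    """Decide where a packet goes: (egress interface, next hop, which mechanism chose it)."""
    src, dst = ip_address(src), ip_address(dst)
    for in_if, s_net, d_net, out_if, gw in policy:
        if ingress == in_if and src in s_net and dst in d_net:
            return (out_if, str(gw), "policy")
    route = lookup_static(dst)
    if route is None:
        return None
    _, out_if, gw = route
    return (out_if, str(gw) if gw is not None else "direct", "static")


def reply_symmetric(arrival_gw, src, dst, policy=POLICY_RULES):
    """True if the reply to a flow that arrived from arrival_gw leaves toward that same
    neighbour. A False result means the firewall (and whatever sits behind arrival_gw)
    sees only one direction of the session."""
    reply_ingress = lookup_static(ip_address(dst))[1]
    _, reply_gw, _ = forward(reply_ingress, dst, src, policy)
    return reply_gw == str(arrival_gw)


if __name__ == "__main__":
    # A server on 10.0.0.0/8 reaching DMZ2 via the core switch: the reply path
    # is symmetric only with the policy rules in place.
    print(forward("dmz2", "172.19.0.10", "10.0.0.5"))              # via core switch
    print(forward("dmz2", "172.19.0.10", "10.0.0.5", policy=[]))   # via Untangle (static route)
    print(reply_symmetric(CORE_SW, "10.0.0.5", "172.19.0.10"))      # True
    print(reply_symmetric(CORE_SW, "10.0.0.5", "172.19.0.10", policy=[]))  # False
```

Running the block with the policy list emptied reproduces the situation before points 5 and 6: requests from 10.0.0.0 arrive through the core switch, but the replies follow the static route to Untangle, so Untangle inspects half of each DMZ session and the other half never passes through it.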
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.