Reply from lan going to wrong interface
-
I have attached this image for clarity, I hope someone can point me to what I'm missing here.

So I have this pfSense acting as shaper and router between 2 ISPs;
on this shaper the default gateway is the pfSense box going to ISP 1.
P.S.: ISP 2 doesn't provide their router, we have to provide it ourselves, hence the one extra Linux router on ISP 2.

Linux Router ( 192.168.1.5 ) routing:
route 192.168.110.10 via 192.168.1.2

pfSense Shaper:
192.168.110.0/24 via 192.168.10.253
( 192.168.10.253 is the L-3 switch )

Now there is one webserver on LAN that I want to be able to access from ISP 2 ( 5.6.7.8 ),
all routing is done, I can see the packets going in from 5.6.7.8 to 192.168.110.10
BUT,
packets from the webserver are caught in the pfSense box firewall log for ISP 1.

I have added advanced LAN rules on the pfSense shaper specifying 192.168.1.5 as GW,
but the reply from the webserver still gets caught in ISP 1's log. Hope someone can help.
Thanks.
-
3 routers on the same broadcast domain as you have there can get ugly with any stateful firewall. Moving one of those to a different interface would make your life easier.
You can work around it though. The reason the traffic is getting routed the way it is is either route-to or reply-to. In a scenario like that, you need to disable reply-to unless you move one of those next hops to another interface. You can disable reply-to globally (Sys>Advanced) or on a per-rule basis.
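As an added illustration of what the reply describes, not taken from the thread or from pfSense's generated ruleset, here is how reply-to looks in pf syntax on the shaper's WAN-side rule. The interface name em0 (the shaper's side with 192.168.1.2) and the address 192.168.1.1 for the pfSense box toward ISP 1 are assumptions; 192.168.1.5, 192.168.110.10 and 5.6.7.8 come from the thread.

```pf
# Constructed illustration, not a complete ruleset. em0 = shaper interface
# on the 192.168.1.0/24 segment (assumed name), 192.168.1.1 = assumed address
# of the pfSense box leading to ISP 1, 192.168.1.5 = Linux router to ISP 2.

# 1) Rule as generated with reply-to: every reply packet for states created by
#    this rule is handed to 192.168.1.1 regardless of the routing table, which
#    is why the webserver's replies toward 5.6.7.8 appear on the ISP 1 firewall.
pass in quick on em0 reply-to (em0 192.168.1.1) inet proto tcp \
    from any to 192.168.110.10 port 80 keep state

# 2) Same rule with reply-to disabled (per rule, or globally under
#    System > Advanced): replies now follow the routing table, so a route for
#    the ISP 2 source must point at 192.168.1.5 for them to use the Linux router.
pass in quick on em0 inet proto tcp \
    from any to 192.168.110.10 port 80 keep state

# 3) Alternative to 2): keep reply-to but pin replies for traffic that arrived
#    from ISP 2 to the Linux router. Because of "quick", this rule must be
#    placed before the general rule 1) if both are used.
pass in quick on em0 reply-to (em0 192.168.1.5) inet proto tcp \
    from 5.6.7.8 to 192.168.110.10 port 80 keep state
```

In pfSense the rules are written through the GUI; the fragments only show what the "Disable reply-to" and gateway options change in the underlying pf rule.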
-
Hi,
thanks for your answer.
Yes, I think I'd rather add another interface on the shaper box,
so I don't need to add more tuning to pfSense. So basically I should just,
e.g., add interface 192.168.2.1 for the shaper,
and replace 192.168.1.5 with 192.168.2.2 on the Linux router box.
Am I correct?