[SOLVED] V2.1.3 Local services reply only via default gw?
For the unaware:
Do not use floating rules; the reply-to flag will NOT be added automatically. Just use the per-interface rules; this resolved the problem.
I have a dual WAN setup, each WAN has the correct gateway configured, one gateway is set as default gateway, no load balancing or grouping in place. Sort of like this:
WAN1 has GW1; GW1 is the default gateway
WAN2 has GW2
On both WAN1 and WAN2, I have ports mapped to internal services, via port forward. All works fine - by fine, I mean that the connections are stuck to the interface they originally arrived on - for example:
Internal HTTP service: Connection initiated on WAN2:80, packet forwarded to internal HTTP, reply packet sent back to the source via GW2. All good, confirmed with tcpdump.
However, when I have a local service on pfSense, bound to <any> or even to WAN2, all reply packets are sent via WAN1 and GW1. For example:
SSH service bound to <any>: Connection initiated on WAN2:22, but reply packet sent via WAN1 and GW1, with the source address of WAN2?! Confirmed with tcpdump.
Is there any way I can tell pfSense to also send the traffic handled by locally bound services via the correct interface and gateway?
Some more data:
If the initiator is pfSense, then the connection is correctly handled - so if I use telnet -s WAN2_address, the packets go out and return via the correct gateway (GW2). It seems that only locally bound services are affected.
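As an added illustration (not part of the original post, and not rules copied from a pfSense install), here is what the floating-vs-per-interface difference looks like in pf rule syntax, the packet-filter language pfSense generates its ruleset in. The interface names em0/em1 and the gateway addresses are assumed placeholders from documentation ranges; the rule shapes follow the FreeBSD pf grammar, where the route option (reply-to) sits between the interface and the address family.

```pf
# Added example, not from the original post. Interface names and
# gateway addresses are assumed placeholders.
wan1 = "em0"      # WAN1, default gateway GW1 = 203.0.113.1
wan2 = "em1"      # WAN2, gateway GW2 = 198.51.100.1

# Floating rule: not bound to an interface, so no reply-to is attached.
# A locally bound service (sshd listening on <any>) answers according
# to the routing table, which means the reply leaves via WAN1/GW1 even
# though the SYN arrived on WAN2.
pass in quick inet proto tcp from any to ($wan2) port 22 keep state

# Per-interface rule on WAN2: reply-to pins replies for this state to
# the interface the packet arrived on and that interface's gateway, so
# the SSH reply goes back out WAN2 via GW2 with the WAN2 source address.
pass in quick on $wan2 reply-to ($wan2 198.51.100.1) inet proto tcp \
    from any to ($wan2) port 22 keep state
```

To check which behaviour a running box actually has, `pfctl -sr` prints the loaded rules (look for the `reply-to` clause on the WAN2 rule), and `pfctl -ss` lists the states, where a state created by the per-interface rule carries the reply-to information while one created by the floating rule does not. A tcpdump on both WAN interfaces while connecting to WAN2:22, as the post describes, confirms the reply path end to end.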