[SOLVED] Return Traffic To Subnet Behind Secondary Gateway Routing Issue
-
I've got a problem that seems to be related to the new changes to routing in 2.1
I am running 2.1.3.
In summary: reply packets to connections initiated from a subnet behind a secondary gateway are being routed to the default gateway rather than the secondary gateway.
The network layout is as follows:
I've added a PBR rule so that traffic from the "Example Server" is specifically allowed with the "VPN Device" set as the gateway. This rule is above the default allow out * rule
After doing this the "Example Server" can ping the client workstation at 192.168.161.50, so that is all well and good. The issue is that if the "Client Workstation" initiates a telnet connection, the packets arrive on the Example Server as expected (seen via Wireshark), but the return traffic is sent to the Primary Internet Gateway, as proven by doing a packet capture on the "PF Sense".
The "PF Sense" has a route for 192.168.161.0/24 using the "VPN Device" gateway 172.30.0.86
What am I missing?
-
While I don't understand it yet... I found a fix.
https://forum.pfsense.org/index.php?topic=75620.0
post #2 by CMB. Ticking "Disable reply-to on WAN rules" solved the issue.
I've tried Googling reply-to / route-to but not found anything concrete about how or what it is used for. Is this a FreeBSD thing, or am I missing something core to networking here?
I hate not knowing why this works.
Someone enlighten me?
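For anyone landing here with the same question: reply-to is a pf (FreeBSD packet filter) keyword, not a general networking concept. pfSense adds it to every rule on an interface that has a gateway configured, so that replies for states created by that rule are always sent back through that interface's gateway, regardless of the routing table. That is what makes multi-WAN work, and it is also exactly what sends the telnet replies above to the Primary Internet Gateway instead of following the static route to the VPN device. The pf.conf fragment below is an added illustration, not the poster's ruleset or pfSense's generated rules verbatim; interface names (em0/em1), the WAN gateway 203.0.113.1 and the server address 10.0.0.5 are assumed, while 172.30.0.86 and 192.168.161.0/24 come from the post.

```pf
# Added illustration (assumed topology, not the poster's actual ruleset):
# why pfSense's reply-to on WAN rules overrides a static route, and what
# "Disable reply-to on WAN rules" changes.

ext_if = "em0"                  # assumed WAN interface
lan_if = "em1"                  # assumed LAN interface holding the server
wan_gw = "203.0.113.1"          # assumed Primary Internet Gateway
vpn_gw = "172.30.0.86"          # VPN Device gateway, from the post
srv    = "10.0.0.5"             # assumed address of the "Example Server"
remote = "192.168.161.0/24"     # subnet behind the VPN Device, from the post

# The static route from the post lives in the kernel routing table, not in
# pf.conf; it would be set with:
#   route add -net 192.168.161.0/24 172.30.0.86

# BEFORE: what pfSense generates for a rule on an interface that has a
# gateway. reply-to pins the return traffic of every state this rule creates
# to $wan_gw via $ext_if. The static route to $remote is never consulted, so
# replies to the client workstation's telnet session go to the internet
# gateway, which is what the packet capture on pfSense showed.
pass in quick on $ext_if reply-to ($ext_if $wan_gw) \
    proto tcp from $remote to $srv port 23 keep state

# AFTER: with "Disable reply-to on WAN rules" ticked, the same rule is
# emitted without the keyword. Replies now follow the routing table, which
# sends 192.168.161.0/24 to $vpn_gw. (Only one of the two variants should be
# loaded at a time; they are shown together for comparison.)
# pass in quick on $ext_if \
#     proto tcp from $remote to $srv port 23 keep state

# Narrower alternative that keeps reply-to for other WAN traffic: a more
# specific rule, placed above the general one, whose reply-to names the VPN
# device as the gateway for this subnet only.
# pass in quick on $ext_if reply-to ($ext_if $vpn_gw) \
#     proto tcp from $remote to $srv port 23 keep state

# The policy-based route from the first post, for traffic the server
# initiates: route-to is the outbound counterpart of reply-to, and a rule
# with a gateway set on the LAN tab is rendered this way by pfSense.
pass in quick on $lan_if route-to ($ext_if $vpn_gw) \
    from $srv to $remote keep state
```

To confirm which variant is actually loaded, `pfctl -sr` prints the active rules with any reply-to/route-to options, and `pfctl -ss` lists the existing states; a state created under the old rule keeps its reply-to until it expires or is cleared, so a telnet session that was open before the change will still misbehave until it is reset.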