Static routing question



  • I have two gateways: WAN and VPN.  Today I do some routing with firewall rules (policy routing?) that works fine.  I basically have a LAN rule that says all traffic from a given IP goes out the WAN.

    I'm trying to expand on this and can't get it to work.  In this case I have an alias (PLEX_Servers) that consists of 4 different networks, the plex.tv networks.  I added a LAN rule to route all traffic with destination PLEX_Servers out the WAN gateway, but when I run tracepath I see it still going out the VPN gateway.  I did add this rule ahead of the 'all LAN' rule that sends everything out the VPN.  When I look at the log (I log the rules) I can see that my floating rule that assigns the traffic to a queue gets triggered, but then it seems to bypass the LAN rule that sends it out the WAN and instead chooses the 'all LAN' rule.

    So I then added them as a static route, but tracepath still goes out the VPN.  I see the routes in the routing table, but the VPN rules seem to win out.

    Any suggestions on how to figure out what is going wrong?  Why would this situation, based on destination, not work, while the other rules based on source IP do work?

    thanks,
    david



  • Pictures of my settings:



  • OK, I got it working.  My CIDR was incorrect in my alias.  I had /32 instead of /16.

    When does it make sense to use policy routing vs static routes?

    david
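The /32 mistake above is easy to reproduce outside the firewall.  The following is an added example (not from the original poster or from pfSense) that simulates how pf evaluates policy-routing rules: top to bottom, first match wins, and a matching rule's gateway is applied before the kernel routing table is consulted, which is why a static route alone could not pull the traffic back to the WAN.  The gateway names WAN and VPN and the alias name PLEX_Servers are from the thread; the LAN subnet, the rule names, the static routes and the addresses (RFC 5737 documentation ranges, not plex.tv's real networks) are constructed for the example.  It uses a /24 rather than /16 for the corrected alias, but the mechanism is the same: a /32 entry matches exactly one host, so every other address in the network falls through to the 'all LAN' rule.

```python
"""Simulate pf-style policy routing (ordered rules, first match wins) beside a
static routing table (longest prefix wins), to show why a /32 alias entry only
matches a single host.  Constructed example; addresses are RFC 5737
documentation ranges, not plex.tv's real networks."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass
class Rule:
    name: str
    src: Net
    dst: List[Net]   # expanded alias; an empty list means "any destination"
    gateway: str


def build_alias(entries: List[str]) -> List[Net]:
    """Expand alias entries: a bare address or an explicit /32 is a single
    host, a shorter prefix is the whole network."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def first_match(rules: List[Rule], src_ip: str, dst_ip: str) -> Optional[Rule]:
    """Policy routing: walk the rules in order and stop at the first match."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src not in r.src:
            continue
        if r.dst and not any(dst in n for n in r.dst):
            continue
        return r
    return None


def lookup_static(routes: List[Tuple[Net, str]], dst_ip: str) -> Optional[str]:
    """Routing table: pick the most specific (longest prefix) matching route."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for net, gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def choose_gateway(rules, routes, src_ip, dst_ip) -> Tuple[Optional[str], str]:
    """A matching policy-routing rule wins; only unmatched traffic is routed
    by the static table (this is the order pf's route-to imposes)."""
    r = first_match(rules, src_ip, dst_ip)
    if r is not None:
        return r.gateway, r.name
    return lookup_static(routes, dst_ip), "static route"


# --- constructed scenario (hypothetical subnet and rule names) ---------------
LAN = Net("192.168.1.0/24")


def make_rules(plex_servers: List[Net]) -> List[Rule]:
    """Same LAN tab as in the thread: host rule, alias rule, then catch-all."""
    return [
        Rule("host 192.168.1.50 to WAN", Net("192.168.1.50/32"), [], "WAN"),
        Rule("PLEX_Servers to WAN", LAN, plex_servers, "WAN"),
        Rule("all LAN to VPN", LAN, [], "VPN"),
    ]


# The static route the poster tried to add, next to a default route.
ROUTES = [(Net("0.0.0.0/0"), "WAN"), (Net("203.0.113.0/24"), "WAN")]

WRONG_ALIAS = build_alias(["203.0.113.0/32", "198.51.100.0/32"])  # the bug
RIGHT_ALIAS = build_alias(["203.0.113.0/24", "198.51.100.0/24"])  # the fix

if __name__ == "__main__":
    for label, alias in (("/32 alias", WRONG_ALIAS), ("/24 alias", RIGHT_ALIAS)):
        gw, why = choose_gateway(make_rules(alias), ROUTES, "192.168.1.20", "203.0.113.45")
        print(f"{label}: 192.168.1.20 -> 203.0.113.45 leaves via {gw} ({why})")
```

With the /32 entries only 203.0.113.0 itself matches the PLEX_Servers rule; 203.0.113.45 falls through to 'all LAN to VPN' even though the static route for 203.0.113.0/24 is present, matching what the poster saw in the rule log and in tracepath.  Checking the alias's effective prefixes this way (or with `pfctl -t PLEX_Servers -T show` on the firewall itself) is a faster diagnosis than re-ordering rules.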



  • I would say policy routing is for specific one-off situations and static routing is more of a general-use thing. I'm not sure, but I would guess static routing takes fewer resources too. I would love to hear what others think.