Clarification re: 'Packet can't go in then out the same interface'

  • There are several places in the pfSense online docs and forum notes, and also in the FreeBSD docs, where we read a phrase that goes something like this: "A packet can't go out the same interface it came in on" or "Packets can't be routed out the same interface they came in on" or "Packets can't go in then come out of the same interface".

    When I first read this I took 'interface' to mean 'the thing inside the box the cable carrying the packets of interest plugs into'.  You know, 'interface' as in 'net card you stick in a slot'.

    Then, as I got better at all this, I took 'interface' to mean 'the thing inside the box the cable carrying the packets of interest plugs into, so long as the packets on the cable are on the same VLAN or are untagged (have no VLAN assignment)'.

    Now I think 'interface' means 'the thing inside the box the cable carrying the packets of interest plugs into, so long as the packets on the cable are on the same VLAN or are untagged (have no VLAN assignment) and, if IPv4, are on the same subnet, or, if IPv6, have the same prefix'.

    Which of the above is the most correct?  Are there further refinements?


  • Netgate

    Different subnets don't matter.  If you have different subnets defined on a single interface and expect traffic from a host on one subnet to reach a host on the other subnet, you're going to be dealing with "out the same interface it came in on."

    Interfaces are what's listed in Interfaces in the pull-down menu.  They can be physical, virtual (VLAN), PPPoE, Wi-Fi, etc.
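As an added illustration of the reply above (my own model, not pfSense code and not from either post): a small Python model in which the logical interface is the (port, VLAN tag) pair, and a packet "goes out the interface it came in on" whenever the route lookup for its destination lands on that same logical interface, regardless of how many subnets share it. The interface table, port names and addresses are constructed for the example.

```python
import ipaddress

# Constructed pfSense-style interface table (not from the thread):
# logical interface -> (physical port, 802.1Q tag or None, connected subnets)
INTERFACES = {
    # two IPv4 subnets plus an IPv6 prefix on ONE logical interface
    "LAN":   ("igb1", None, ["192.168.1.1/24", "192.168.2.1/24", "2001:db8:1::1/64"]),
    # VLAN 10 on the same physical port is a DIFFERENT logical interface
    "GUEST": ("igb1", 10,   ["10.10.0.1/24"]),
    "WAN":   ("igb0", None, ["203.0.113.2/30"]),
}
DEFAULT_ROUTE_IF = "WAN"   # everything not directly connected leaves via WAN


def ingress_interface(port, vlan=None):
    """Map the port a frame arrived on plus its VLAN tag (None = untagged)
    to the logical interface pfSense would attribute it to."""
    for name, (phys, tag, _subnets) in INTERFACES.items():
        if phys == port and tag == vlan:
            return name
    raise ValueError(f"no interface configured for {port} vlan={vlan}")


def egress_interface(dst):
    """Longest-prefix match over the connected subnets (v4 or v6);
    fall back to the default route when nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None   # (interface name, prefix length)
    for name, (_phys, _tag, subnets) in INTERFACES.items():
        for cidr in subnets:
            net = ipaddress.ip_interface(cidr).network
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else DEFAULT_ROUTE_IF


def hairpins(port, vlan, dst):
    """True when the packet would leave through the same logical interface
    it arrived on: same (port, VLAN) pair, even if the subnet differs."""
    return ingress_interface(port, vlan) == egress_interface(dst)
```

Running it shows that a packet arriving untagged on igb1 for the "other" LAN subnet (or the LAN IPv6 prefix) hairpins, while the same port with VLAN tag 10 is a different interface and does not.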