Static Routing



  • I want to direct specific traffic from LAN0 to LAN1 to the internet.

    QUESTION:
    When traffic not destined for the LAN behind the router hits the router's WAN port, what directs traffic first:

    • the gateway defined on the WAN port, (in this case the traffic would be rejected because there would be no IP behind the router to direct the traffic toward)
    • a static route defined in the router, (which is what I hope is the case because then I can route the traffic "through" the router and out another gateway)
    • a firewall rule allowing or disallowing traffic with a specific destination?

    That's the gist of the question and if it is possible to answer just the above, that would be very very helpful. Below is just a rephrasing of the above in several different ways and the best I can do to describe the specific scenario.

    Here's what I've got going:

    A router with dual WAN ports labeled WAN0 and WAN1. Only WAN1 has a gateway to the Internet. I wish to redirect incoming WAN0 traffic destined for a specific Internet destination to the WAN1 gateway.

    The WAN0 gateway IS NOT pointed to WAN1 (duh). So….

    • I created a firewall rule allowing WAN0 to accept the specific traffic I wish to redirect.
    • I created a static route that routes the specific traffic to the WAN1 gateway.

    No love.

    So...here's more detail

    • the "specific traffic" is that traffic destined to a public IP network -- the example below uses a fake public IP network of 288.333.111.0

    • LAN0 and LAN1 each with their own router/firewall.

    • Router1 services LAN1

    • Router1 has two WAN ports -- WAN0 and WAN1

    • Router1 WAN0 faces LAN0 and WAN1 faces the Internet

    • Router0 services LAN0

    • Router0 has only one WAN port which faces the Internet

    • Both LANs use the Internet connection on Router0, which is to say, by default, all Internet-destined traffic from both LAN0 and LAN1 uses the WAN connection on Router0

    And here's an attempt to diagram the setup as I would like to see it work.

    All traffic to
    Internet from
    both LAN0 and LAN1
    Except 288.333.111.0
      |
      |
    WAN0 on Router0       
    192.168.0.1/24  <------> LAN0 192.168.0.0/24
      |                    (traffic to 288.333.111.0 originates here)
      |                    (traffic to LAN1 is blocked by the Router1 firewall)
    Static Route
    On Router0 sends   
    288.333.111.0 
    Traffic to
    WAN0 on Router1
      |                 
      |
    WAN0 on Router1                 
    192.168.0.3/24  <-------> LAN1 192.168.1.0/24
    GW:192.168.0.1            (traffic to 288.333.111.0 originates here too)
    NOTE: A firewall rule    (traffic is expected to flow LAN0 to access LAN0 hosts)
    on WAN0 allows all
    traffic destined to 288.333.111.0
      |
      |           
    Static route
    on Router1 sends                 
    288.333.111.0                   
    Traffic to
    WAN1 on Router1
      |                      (NOTE: This rule works for all traffic originating from LAN1)     
      |                     
    WAN1 on
    Router1
      |
      |
    Only Internet Traffic
    to 288.333.111.0