Static routing with nested alias AND policy based routing rules



  • Hi,

    I've got 2 issues with routing:

    • Static routing with nested alias'ed IPs is not working

    • Policy based firewall rules seem not to have the effect I was hoping

    Static routing with nested alias IPs
    When I use an alias which contains just one IP with cidr (ex: 192.168.1.0/24) the static routing works for that subnet.
    But when I add an alias which contains many alias names and those alias names contain IPs with CIDRs, the static routing does not work.

    Is it a bug, a limit or am I doing something wrong?

    One alias for all other alias entries:


    One single alias, that contains the IP


    Policy based firewall rules

    This may seem like a multi-wan connection, but there isn't any fail-over or load balancing.
    The management connection should be the only way to access the Webinterface of pfsense.

    Setup
    Each connected line is a different interface, with its own IP (ex: pfsense has 3 interfaces).


    My way of thinking was this:
    When the "Server" accesses "myClient", pfsense uses the default route.
    When "myClient" access the pfsense via its management IP, the default route must be ignored and pfsense sends the webgui back via the management gateway.
    When "myClient" access the "Server", pfsense uses a static route for the "Server"-Network.

    My rules in pfense


    My questions are:

    • When I add a gateway to a firewall rule, does this mean that all traffic sent back is sent over the gateway?

    • Are those routing policies intelligent? Like when a gateway is offline it ignores the rule?

    Thanks for your help. :-)

    Best regards,
    Chanz


Log in to reply