Routing traffic question
-
I need some help with a setup. I understand PFSENSE ok but I have really only done fairly basic setups in the past. I may have some of the lingo wrong, so let me apologize in advance. Hopefully this will make sense:
I need to route all local LAN traffic that is headed out to the subnet of 170.12.0.0/16 to an OPT interface so it can go out through a VPN appliance (provided to me). Return traffic will be coming back through the same appliance and into the OPT interface and then needs to be routed back to the LAN. I do not need any firewall rules associated with this. All traffic to and from the VPN appliance is trusted.
All other internet traffic should go through the normal WAN with basic NAT and firewall rules that I understand.
I am not sure how to set this up. I have tried searching, but either I am not using the correct lingo, or this is really an odd thing to do.
Thank you,
Ryan
-
See /index.php?topic=106305.0, specifically parts 9 & 10.
-
Thank you for the reply, but I am not following how that applies. I understand that is putting in firewall rules, but those do not actually route the traffic to a separate interface do they?
-
Sorry I skim read your post on my phone and misunderstood what you are trying to do. I thought you were doing something else.
I don't know if this would be the correct way to do it or whether it would work, but you could create a gateway on OPT1 and assign your VPN appliance as the gateway IP, and then create a route for 170.12.0.0/16 to this new gateway.
-
you need to add a gateway to the opt interface.
create rule on lan like this: PASS / proto:any / src:lan-network / dst: 170.12.0.0/16 / gateway: opt_gateway
be sure to put the rule high enough in the list so that it gets matched before an allow_all_rule.
-
Do you want all traffic in the firewall with a destination of 170.12.0.0/16 to go to the gateway or just traffic from LAN?
If it's all traffic I would probably use a static route not policy routing.
-
I do want all traffic in the IP range to go out the OPT connection. So it sounds like a static route is best. I just don't understand how to set that up.
-
First you didn't mention what the IP of your OPT interface is. If it is in the 170.12.0.0/16 subnet, the static route would have been created by pfSense itself. So I will assume it is not in this subnet.
You would start by creating a gateway in System->Routing:
Interface: OPT
Gateway: IP of the gateway directly connected to the 170.12.0.0/16
Default: no
Disable gateway monitoring: no
Save. On the next tab (Routes) create a route:
170.12.0.0/16
Gateway: the one you just created.
-
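Added example (not from the thread and not pfSense code) that models the two approaches discussed above: the LAN pass rule with a gateway set (policy routing, earlier in the thread) and the static route via a gateway on OPT1 (this post). It shows why the static route covers traffic the LAN rule does not, why rule order matters for the policy-routing variant, and what a packet's next hop is in each case. Only 170.12.0.0/16 comes from the thread; the LAN network 192.168.1.0/24, the OPT1 network 10.99.0.0/24, the VPN appliance address 10.99.0.1 and the WAN gateway 203.0.113.1 are constructed for illustration. The routing-table lookup is modelled as longest prefix match on the destination, and policy routing as a top-down, first-match rule list where a pass rule without a gateway falls back to the routing table; stateful handling of the return traffic is not modelled.

```python
"""Added example (not from the thread or pfSense): model the two ways the
thread describes for steering 170.12.0.0/16 through the VPN appliance, to
show why the static route covers traffic the LAN policy rule does not.

All addresses other than 170.12.0.0/16 are constructed for illustration:
LAN 192.168.1.0/24, OPT1 10.99.0.0/24 with the VPN appliance at 10.99.0.1,
WAN gateway 203.0.113.1.
"""
import ipaddress

# Constructed routing table before any static route is added: the WAN default
# route plus the directly connected LAN and OPT1 networks.
ROUTES_BASE = [
    ("0.0.0.0/0", "203.0.113.1"),     # WAN default gateway
    ("192.168.1.0/24", "direct"),     # LAN, directly connected
    ("10.99.0.0/24", "direct"),       # OPT1, directly connected
]

# Same table after the static route from System->Routing is added.
ROUTES_WITH_STATIC = ROUTES_BASE + [("170.12.0.0/16", "10.99.0.1")]

# Constructed LAN rule list for the policy-routing approach, evaluated top
# down, first match wins. 'gateway' is the gateway option on a pass rule;
# None means "use the routing table" (a plain allow-all rule).
LAN_RULES = [
    {"src": "192.168.1.0/24", "dst": "170.12.0.0/16", "gateway": "10.99.0.1"},
    {"src": "192.168.1.0/24", "dst": "0.0.0.0/0", "gateway": None},
]


def table_next_hop(dst, routes):
    """Routing-table lookup: longest prefix match on the destination only.
    Source address and ingress interface play no part."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def lan_policy_next_hop(src, dst, rules, routes):
    """Policy routing for a packet entering on LAN: the first matching pass
    rule decides; a rule with no gateway set defers to the routing table.
    Returns None when no rule matches (default deny)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (src_ip in ipaddress.ip_network(rule["src"])
                and dst_ip in ipaddress.ip_network(rule["dst"])):
            return rule["gateway"] or table_next_hop(dst, routes)
    return None


def firewall_own_next_hop(dst, routes):
    """Traffic originated by pfSense itself (or arriving on any interface
    without a policy rule) never sees the LAN rules; only the table applies."""
    return table_next_hop(dst, routes)


if __name__ == "__main__":
    vpn_host, internet_host = "170.12.5.9", "198.51.100.7"
    print("static route, LAN -> VPN net:",
          table_next_hop(vpn_host, ROUTES_WITH_STATIC))          # 10.99.0.1
    print("static route, LAN -> internet:",
          table_next_hop(internet_host, ROUTES_WITH_STATIC))     # 203.0.113.1
    print("policy rule, LAN -> VPN net:",
          lan_policy_next_hop("192.168.1.10", vpn_host, LAN_RULES, ROUTES_BASE))
    print("policy rule only, firewall itself -> VPN net:",
          firewall_own_next_hop(vpn_host, ROUTES_BASE))          # 203.0.113.1
    print("policy rule placed below allow-all:",
          lan_policy_next_hop("192.168.1.10", vpn_host,
                              list(reversed(LAN_RULES)), ROUTES_BASE))
```

The last two cases are the ones worth checking on a real box: with only the LAN policy rule, anything that does not enter through LAN (the firewall's own traffic, or hosts on another interface) is routed by the plain table and leaves via WAN instead of the appliance, and a policy rule placed below an allow-all rule never matches at all. With the static route in place, `netstat -rn` on pfSense should show the 170.12.0.0/16 entry pointing at the OPT1 gateway.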
Thank you!
That was actually much easier than I thought. I guess I was over thinking it.
Ryan