4. Policy routing limitations ?

Policy routing limitations ?

  • B

    Hello,

    I have done several tests with pfsense 2.2.4-RELEASE and it seems the policy routing capacities of the pfsense only works when connections are initiated from the interface where the rule is applied, if I want to policy routing only the responses of a http server it doesn't work.

    I want to change the default gw (or next hop) of http responses, i have created the rule from servers source_port_80 defaultgw _is_other ….. , but the rule is simply not applied and the apache traffic keeps going to the default gw, but if I mannualy generate the traffic on the server with netcat and use source port 80 it works because it's a new connection and not a response from a established one.

    Is this a bug or a limitation of the pfsense ?

    Thanks.

    0
  • Rebel Alliance Developer Netgate

    Policy routing is a per connection action, not a per-packet action. Once a state is made the decision has been made and stored in the state, you can't take different action on reply packets.

    Although what you're suggestion wouldn't really work even if that were possible. What exactly are you attempting to accomplish?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy