Policy routing limitations ?

Routing and Multi WAN
Log in to reply
  • B

    Hello,

    I have done several tests with pfsense 2.2.4-RELEASE and it seems the policy routing capacities of the pfsense only works when connections are initiated from the interface where the rule is applied, if I want to policy routing only the responses of a http server it doesn't work.

    I want to change the default gw (or next hop) of http responses, i have created the rule from servers source_port_80 defaultgw _is_other ….. , but the rule is simply not applied and the apache traffic keeps going to the default gw, but if I mannualy generate the traffic on the server with netcat and use source port 80 it works because it's a new connection and not a response from a established one.

    Is this a bug or a limitation of the pfsense ?

    Thanks.

    0
  • jimp
    Rebel Alliance Developer Netgate

    Policy routing is a per connection action, not a per-packet action. Once a state is made the decision has been made and stored in the state, you can't take different action on reply packets.

    Although what you're suggestion wouldn't really work even if that were possible. What exactly are you attempting to accomplish?

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy