Policy routing limitations?



  • Hello,

    I have done several tests with pfSense 2.2.4-RELEASE, and it seems the policy routing capabilities of pfSense only work when connections are initiated from the interface where the rule is applied; if I want to policy-route only the responses of an HTTP server, it doesn't work.

    I want to change the default gw (or next hop) of HTTP responses. I have created the rule from servers, source_port_80, defaultgw_is_other ….., but the rule is simply not applied and the Apache traffic keeps going to the default gw. If I manually generate the traffic on the server with netcat and use source port 80, it works, because it's a new connection and not a response to an established one.

    Is this a bug or a limitation of pfSense?

    Thanks.


  • Rebel Alliance Developer Netgate

    Policy routing is a per-connection action, not a per-packet action. Once a state is made, the decision has been made and stored in the state; you can't take a different action on reply packets.

    Although what you're suggesting wouldn't really work even if that were possible. What exactly are you attempting to accomplish?
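An added illustration of the per-connection point, not part of either post, in the plain pf syntax that pfSense GUI rules compile down to; interface names, addresses and gateways are assumed values:

```pf
# Added illustration (not from either poster): pf.conf fragments in plain
# pf syntax. Interface names, addresses and gateways are assumed values.
wan_if = "em0"
wan_gw = "203.0.113.1"
alt_if = "em1"
alt_gw = "198.51.100.1"
lan_if = "em2"
srv    = "192.168.1.10"

# A rule like the one described above, on the server's interface, matching
# source port 80 with a policy-routing gateway. Rules are evaluated only for
# the packet that creates a state. Apache's replies belong to a state that
# was already created by the inbound rule below, so this rule never sees
# them. Only a brand-new outbound connection from source port 80 (the netcat
# test) is matched here.
pass in quick on $lan_if route-to ($alt_if $alt_gw) \
    proto tcp from $srv port 80 to any keep state

# The rule that actually creates the state for a client's HTTP request.
# pf records the routing decision in this state at creation time; the
# reply-to option is how a return path for the reply direction is stored.
# pfSense adds reply-to automatically on rules for interfaces that have a
# gateway, which is why replies normally go back out the WAN they came in on.
pass in quick on $wan_if reply-to ($wan_if $wan_gw) \
    proto tcp from any to $srv port 80 keep state
```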

