On Sun, Apr 15, 2012 at 1:07 PM, Joe Landman <[email protected]> wrote: > Hi folks: > > Have pfSense 2.0.1 stable installed on a machine we are using for testing. > 2x em network ports. Have em0 configured as WAN with IP 10.100.241.121/16, > and em1 configured as LAN with IP 192.168.3.1/16. > > I can reach the LAN port with ssh/others easily. No issues. I turned on > ICMP response on the WAN, and can ping that as well. > > Ok. Want to set up a simple external port forward from WAN->LAN (specific > IP on LAN). Logged in through GUI, and set this up > > WAN TCP * * WAN net 22 (SSH) 192.168.1.171 22 > (SSH) > > This host uses a different default gateway ... 192.168.1.1/16 . I can (and > have) set up a virtual machine on the 192.168.3.0/16 net using the 3.1 > machine as a gateway, and redirected ssh there. This works, fine as it > turns out. > > My question is, how (if at all) can I configure pfSense to handle the case > where it isn't the primary gateway? That is, its being used as a router for > external traffic, but the primary gateway is on a different router. Do I > need to add a specific route back on the client side, or is this something > pfSense can automagically handle? >
It's not a question of how you configure pfSense, it's strictly reliant on the host you're forwarding to. The host has to send its response traffic back in the correct direction. With its default gateway elsewhere, it won't do that. The only way you can work around that short of changing the host's default gateway is to source NAT everything leaving LAN to the LAN IP to override the fact the host you're forwarding to technically has broken routing. Can do that with manual outbound NAT. _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
