I posted this on the forum[1] a while back but didn't get a response - thought I'd try here.

I've got a fairly typical multi-WAN setup on pfSense 2.0.1 with one primary WAN and a secondary WAN port. Inbound access to servers is the same across both WAN ports, so what I've been doing is duplicating rules across both interfaces. Then I saw the Interface Groups tab and thought - nice! Now I can add my two WAN ports to the Interface Group and then only have to worry about a single page of firewall rules, unless I want a specific rule for one of the two WAN ports.

So I created an Interface Group with both WAN ports and proceeded to copy a rule over, leaving my two existing WAN interface rulesets intact. But what I found is that this killed inbound connections on my secondary WAN port to a NATted host. Removing that WAN port from the interface group allowed things to continue working.

Looking in /tmp/rules.debug I see rules in this order: WAN rules, LAN rules, WAN-group rules, then OPT1 rules (OPT1 is my other WAN connection). Looking at the difference between the WAN-group rules and the WAN/OPT1 rules, the group rules are missing "reply-to ( <interface> <interface-ip> )". I assume that this is the problem here - I'm guessing that the connection reply isn't going out the right interface.

Any ideas? Should this work? Am I doing something wrong or missing something?

Thanks!
-Dave

[1] http://forum.pfsense.org/index.php/topic,48169.0.html
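As an added check (not part of the original post or of pfSense itself), the script below parses lines of the shape found in /tmp/rules.debug and lists inbound pass rules on WAN-side interfaces or interface groups that carry no reply-to, which is the difference Dave describes. The sample rule lines, the $WANGROUP macro name, interface names and addresses are constructed for illustration.

```python
import re

# Constructed sample modelled on pfSense 2.0.x /tmp/rules.debug output.
# Interface macros, addresses and labels are made up for illustration.
SAMPLE_RULES = """\
pass in quick on $WAN reply-to ( em1 203.0.113.1 ) inet proto tcp from any to 192.168.1.10 port = 80 flags S/SA keep state label "USER_RULE: web"
pass in quick on $OPT1 reply-to ( em2 198.51.100.1 ) inet proto tcp from any to 192.168.1.10 port = 80 flags S/SA keep state label "USER_RULE: web"
pass in quick on $WANGROUP inet proto tcp from any to 192.168.1.10 port = 80 flags S/SA keep state label "USER_RULE: web (group)"
pass in quick on $LAN inet from 192.168.1.0/24 to any keep state label "USER_RULE: lan out"
"""

# Matches the head of a pf rule: action, direction, interface macro and an
# optional "reply-to ( <if> <ip> )" clause as pfSense emits it.
RULE_RE = re.compile(
    r'^(?P<action>pass|block|match)\s+(?P<dir>in|out)\s+(?:quick\s+)?on\s+(?P<iface>\$?\w+)'
    r'(?:\s+reply-to\s+\(\s*(?P<rt_if>\w+)\s+(?P<rt_ip>[\d.]+)\s*\))?'
)


def parse_rules(text):
    """Return one dict per rule line; rt_if/rt_ip are None when reply-to is absent."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({**m.groupdict(), 'line': line.strip()})
    return rules


def missing_reply_to(text, wan_ifaces):
    """Inbound pass rules on any of wan_ifaces (interface or group macros) lacking reply-to."""
    return [r['line'] for r in parse_rules(text)
            if r['action'] == 'pass' and r['dir'] == 'in'
            and r['iface'] in wan_ifaces and r['rt_if'] is None]


if __name__ == '__main__':
    # On a real box: missing_reply_to(open('/tmp/rules.debug').read(), {...})
    for line in missing_reply_to(SAMPLE_RULES, {'$WAN', '$OPT1', '$WANGROUP'}):
        print('no reply-to:', line)
```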
