On 9/25/2013 3:17 PM, Adam Thompson wrote:
On 2013-09-19 00:14, Adam Thompson wrote:
I'm having difficulty adding a static route that points to another
router on the WAN subnet. I think I just found the problem, in
/tmp/rules.debug:

pass out route-to ( lagg0_vlan2 184.70.48.185 ) from 184.70.48.187 to !184.70.48.184/29 keep state allow-opts label "let out anything from firewall host itself"

Where .185 is my upstream, and .187 is the pfSense firewall I'm
trying to originate traffic through. The other router's northbound
interface lives at .188 in the same subnet.

If I'm not mistaken, this is the rule that prevents me from reaching
the remote subnet via 184.70.48.188. Unfortunately, this is a
system-generated rule. Suggestions?

(I'm sure the routing table is correct, since "pfctl -d" makes
routing work correctly from pfSense and it breaks immediately again
with "pfctl -e".)

I can add another VLAN as a point-to-point interface between pfSense
and the other router, but that just seems stupid when I already have
a segment & subnet that connects the two.

Ping.
Anyone have any ideas how to make this work without setting up another
interface? Is this a bug I should be opening a ticket on?

Maybe this is a dumb question, but do you have "Disable Reply-To"
checked in System->Advanced-Firewall/Nat?
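
How the from/to fields of the rule quoted in the first message evaluate for two destinations, as an added example (not part of the thread and not pfSense code). The parser handles only this rule shape, and 192.0.2.10 is a constructed address standing in for a host on the remote subnet behind .188.

```python
import ipaddress
import re

# Rule text as quoted from /tmp/rules.debug in the thread above.
RULE = ('pass out route-to ( lagg0_vlan2 184.70.48.185 ) from 184.70.48.187 '
        'to !184.70.48.184/29 keep state allow-opts '
        'label "let out anything from firewall host itself"')

RULE_RE = re.compile(
    r'pass out route-to \(\s*(?P<ifname>\S+)\s+(?P<gw>\S+)\s*\)\s+'
    r'from\s+(?P<src>\S+)\s+to\s+(?P<neg>!?)\s*(?P<dst>\S+)')


def parse_route_to(rule):
    """Extract the fields of a 'pass out route-to' rule that decide matching."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("not a 'pass out route-to' rule of the quoted shape")
    return {
        "ifname": m["ifname"],
        "gateway": ipaddress.ip_address(m["gw"]),
        "src": ipaddress.ip_network(m["src"], strict=False),
        "dst": ipaddress.ip_network(m["dst"], strict=False),
        "dst_negated": m["neg"] == "!",
    }


def forced_next_hop(rule, src, dst):
    """Return the route-to gateway if (src, dst) matches the rule, else None.

    None means this rule does not apply to the packet, so as far as this
    rule is concerned the routing table (static routes included) decides.
    """
    r = parse_route_to(rule)
    src_ok = ipaddress.ip_address(src) in r["src"]
    dst_in = ipaddress.ip_address(dst) in r["dst"]
    dst_ok = (not dst_in) if r["dst_negated"] else dst_in
    return r["gateway"] if src_ok and dst_ok else None


if __name__ == "__main__":
    FW = "184.70.48.187"
    for dst in ("184.70.48.188",   # other router, inside the /29
                "192.0.2.10"):     # constructed host behind .188 (TEST-NET-1)
        hop = forced_next_hop(RULE, FW, dst)
        print(dst, "->", hop if hop else "routing table decides")
```
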