On 11-2-2017 at 17:24, Matthew Pounsett wrote:
> On 11 February 2017 at 08:48, PiBa <[email protected]> wrote:
>> Make sure that 'internal' traffic is not pushed out over the gatewaygroup
>> to the WAN interfaces.
>> So create pass rules above the pbr>gatewaygroup rules, to allow internal
>> traffic to just take the regular routes.
> Ahh.. that sounds like a likely cause of my trouble. Thanks.
> Admittedly after only looking for about two minutes, I don't immediately
> see how to implement your solution, though. Gateway groups and firewall
> rules are managed in separate places in the UI, so it's not clear to me how
> to get firewall rules "above" the gateway group rules. I'll be out most of
> the day but I can play with that some more tonight and tomorrow to see if
> anything pops out at me.
> Thanks for your help,
> Matt
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
Alright, so you're using floating rules for the pbr part I guess :).
In that case you could try and filter those match rules to only affect
traffic that has a destination on 'the internet'.
Create an alias that has local networks like 192.168/16 172.16/12 10/8
and your routed block. Then only apply the floating rules that push
traffic out a gateway group to traffic that does NOT have that alias as
a destination.
Regards,
PiBa-NL
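
The alias check suggested above, modelled as an added example that is not part of the original message and is not pfSense code: it expands the shorthand prefixes, then reports which destinations a "NOT alias" policy-routing rule would send to the gateway group. The function names, the sample destinations and the use of 203.0.113.0/24 as a stand-in for "your routed block" are assumptions.

```python
import ipaddress


def expand(short):
    """Expand shorthand such as '10/8' into a full network (10.0.0.0/8)."""
    addr, _, plen = short.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # pad missing octets with 0
    # strict=True rejects prefixes with host bits set, e.g. 172.17/12
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"),
                                strict=True)


# Alias contents from the message. The last entry is a constructed
# placeholder (documentation range) for the site's own routed block.
LOCAL_NETS = [expand(n) for n in
              ("192.168/16", "172.16/12", "10/8", "203.0.113.0/24")]


def is_local(dst):
    """True when dst falls inside any network of the alias."""
    ip = ipaddress.ip_address(dst)
    return any(ip in net for net in LOCAL_NETS)


def route_for(dst):
    """Policy routing applies only to destinations NOT in the alias."""
    return "routing-table" if is_local(dst) else "gateway-group"


if __name__ == "__main__":
    # Constructed sample destinations, including the 172.16/12 boundary.
    for dst in ("10.1.2.3", "172.31.255.254", "172.32.0.1",
                "192.168.50.1", "203.0.113.10", "198.51.100.7"):
        print(f"{dst:16} -> {route_for(dst)}")
```

The 172.32.0.1 case shows why the /12 boundary matters: it sits just outside the private range and is policy-routed, while an internal routed block missing from the alias would be pushed out the WAN in the same way.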