Re: [pfSense] routing between subnets at same Interface - configuration not working on 2.4.1

Wed, 31 Jan 2018 00:12:53 -0800 

Hi,

Yes I cecked the Bypass firewall checkbox.
There it says
"This option only applies if one or more static routes have been defined. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface." 

Because of that I set up my static routes for this Interface.
Meanwhile I updated to v2.4.2_1 - have to test it again.


Are there any other ideas of possible differences in automatic routing 
between v2.3.x and v.2.4.x since there is also a change of underlying 
FreeBSD-Version.


cheers!

Fabian



Am 30.01.2018 um 19:29 schrieb PiBa:

Hi Fabian,

Have you set?:

System/Advanced/Firewall & NAT: "Static route filtering, Bypass 
firewall rules for traffic on the same interface"



As for your 'static routes', i'm not sure what purpose they serve.. 
Routing between subnets known on a pfSense interface is 'automatic'.


Regards,
PiBa-NL

Op 30-1-2018 om 9:57 schreef Fabian Bosch:

Hello,


I cannot switch from Version 2.3.3 to 2.4.1 because of the routing at 
the same interface.
I transfered the backup.xml from machine A (2.3.3) to machine B 
(2.4.1) and everything worked fine but the routing between Subnets 
assigned at LAN-Interface.
There are multiple subnets set up via VirtualIPs and there are static 
routes to each of the subnets via the native LAN-Gateway Adress e.g 
route 192.168.110.0/24 via GW_LAN(192.168.100.1) and assigned 
VirtualIP in this case 192.168.110.1
Since this configuration runs well on 2.3.3 I wanted to ask whether 
there are major changes in default handling of traffic at the same 
interface. In 2.3.3 you don't need firewall-rules to allow traffic 
between subnets at the same interface - did this change in 2.4.1?


Thanks!

Fabian
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold





--
    --
    Fabian Bosch, Solutions-Engineer

    DAASI International GmbH
    Europaplatz 3
    D-72072 Tübingen
    Germany

    phone: +49 7071 407109-0
    fax:   +49 7071 407109-9

    email: [email protected]
    web:   www.daasi.de

    Sitz der Gesellschaft: Tübingen
    Registergericht: Amtsgericht Stuttgart, HRB 382175
    Geschäftsleitung: Peter Gietz

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold





















					Reply via email to