Hi All, Thanks for the posts, nut it seems that not only ICMP traffic is being routed improperly. When I try to connect to any of the resources on th other side of the VPN, the traffic is routed improperly. KHK ----- Original Message ----- From: "Peter Allgeyer" <[EMAIL PROTECTED]> To: [email protected] Sent: Sunday, June 3, 2007 2:06:36 AM (GMT-0800) America/Los_Angeles Subject: Re: [pfSense Support] Starnge routing issue
Hi Konrad! Am Samstag, den 02.06.2007, 20:30 -0500 schrieb Chris Daniel > This sounds like an ICMP redirect issue. I have seen problems on pretty > much every release of pfsense I have used where ICMP redirects have been > rather flaky (one should never rely on ICMP redirects for routing, > anyway), but I remember some thread from a while back regarding > redirects and 1.0.1. Make sure you are running a recent snapshot. Here > is the thread I remember: > http://www.mail-archive.com/[email protected]/msg07839.html I've never solved the problems with ICMP redirects. But as Chris said, it's better to not rely on them anyway. My problem was solved with passing incoming and outgoing traffic on the same interface. I saw an option in m0n0wall for that and suggested adding the possibility to bypass firewall rules for traffic on the same interface to pfsense, too. You can find a menu entry for that under System -> Advanced -> Miscellaneous -> Static route filtering. Also, I decided to change the whole internal routing through our layer 3 core switch (with icmp redirects switched off), because routing through it is much more performant than through the firewall and you'll have no problems with filter rules (ok, there are some ACLs on it, but I'm directly responsible for them, because there are no default rules set like in pfsense). I hope, that this helps solving your problems. BR, PIT --------------------------------------------------------------------------- copyleft(c) by | _-_ LOAD "LINUX",8,1 -- Topic on #LinuxGER Peter Allgeyer | 0(o_o)0 ---------------oOO--(_)--OOo----------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
