I seriously doubt this is a bug; you're doing strange, arguably wrong
things with your routing.

IF: you want pfSense to arbitrate all the traffic between
192.168.20.0/24 and 192.168.30.0/24, it is inadvisable to use the
setup you currently have.  Instead of having the 192.168.30.0/24
gateway on the same L2 broadcast as 192.168.20.0/24, place it on a
different interface on the pfSense box, whether by physical interface
or VLAN (if your switch supports trunking).

IF: you just want 192.168.20.0/24 and 192.168.30.0/24 to communicate
freely w/o going through the pfSense box, the way you have things
configured now stipulates you'll have to place a static route on all
192.168.20.0/24 boxes pointing at 192.168.20.253 for the
192.168.30.0/24 subnet.  The hosts in 192.168.30.0/24 shouldn't have
to make any changes, as their gateway should take care of the routing.

The classical (but often ignored in SOHO setups due to cost) solution
would be to place each subnet on its own switch, each of which is
connected up to a central router, which stands between them and the
firewall (preemptive apologies to those using variable-width fonts):

            Internet
      pub.??? ->|
             pfSense
192.168.XXX.1 ->|
192.168.XXX.2 ->|
                R
192.168.20.1 ->/ \<- 192.168.30.1
              /   \
            S-     -S
           /|\     /|\
          / | \   / | \
         .20/24  .30/24

The first solution just shifts the router functionality up to the
pfSense box, since pfSense does work quite well as a router.

Finally, the least advisable (in my opinion) approach would be to set
"System->Advanced->Static Route Filtering" in the pfSense web UI.  It
will most likely enable you to do precisely what you are trying to do,
but given the current evidence of your network-fu will likely be the
hardest to troubleshoot should something go wrong.
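Added example, not code from the original post: a small routing-table simulator that traces an A-to-B packet and B's reply under the layouts described above, to show why the stateful pfSense box only sees half of the conversation when the 192.168.30.0/24 gateway sits on the 192.168.20.0/24 segment without a static route on the hosts. Only 192.168.20.253 comes from the thread; the host addresses, node names and the rest of the topology are assumptions.

```python
import ipaddress

# Constructed topology (assumption): host A in 192.168.20.0/24 with pfSense as its
# default gateway, host B in 192.168.30.0/24, and "router" as the .30 gateway whose
# .20-side address is 192.168.20.253. Only that .253 address is from the thread.
A_IP, B_IP = "192.168.20.10", "192.168.30.10"

def lookup(table, dst):
    """Longest-prefix match. table: list of (prefix, next_hop); None = directly connected."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def trace(tables, node, dst, max_hops=8):
    """Return the list of forwarding nodes a packet crosses on its way from node to dst."""
    path = []
    for _ in range(max_hops):
        nh = lookup(tables[node], dst)
        if nh is None:            # dst is on a directly connected subnet: delivered
            return path
        path.append(nh)
        node = nh
    raise RuntimeError("routing loop or unreachable")

def build_tables(design):
    """Routing tables for the layouts discussed in the post."""
    if design == "separate_interface":        # first IF: pfSense holds both subnets itself
        return {
            "A":       [("192.168.20.0/24", None), ("0.0.0.0/0", "pfsense")],
            "B":       [("192.168.30.0/24", None), ("0.0.0.0/0", "pfsense")],
            "pfsense": [("192.168.20.0/24", None), ("192.168.30.0/24", None)],
        }
    tables = {                                # current layout: .30 gateway on the .20 L2 segment
        "A":       [("192.168.20.0/24", None), ("0.0.0.0/0", "pfsense")],
        "B":       [("192.168.30.0/24", None), ("0.0.0.0/0", "router")],
        "router":  [("192.168.20.0/24", None), ("192.168.30.0/24", None), ("0.0.0.0/0", "pfsense")],
        "pfsense": [("192.168.20.0/24", None), ("192.168.30.0/24", "router")],
    }
    if design == "static_route_on_hosts":     # second IF: A routes .30 via 192.168.20.253
        tables["A"].append(("192.168.30.0/24", "router"))
    return tables

def paths_are_symmetric(design):
    """True when pfSense sees both directions of an A<->B flow or neither; False when only one."""
    tables = build_tables(design)
    fwd, rev = trace(tables, "A", B_IP), trace(tables, "B", A_IP)
    return ("pfsense" in fwd) == ("pfsense" in rev)
```

In the current layout the forward path is pfSense then the .253 router while the reply goes through the router alone, which is exactly the asymmetric flow a stateful firewall will drop; either of the two IF layouts makes the paths symmetric.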
