Re: [pfSense Support] Firewall Rule for another network

[Evgeny Yurchenko]

On 10-12-09 11:07 PM, Maik Heinelt wrote:
pfSense is our internet router (192.168.144.10)
The L3 switch in between the 2 networks A. and B. is configured to 
send all request for network A (192.168.144.0) to the pfsense router.
Before we used pfSense, we had a working CentreCom Router.

Maik
..................................................................
Heinelt Maik | Software Developer
ハイネルト　マイク
愛知県一宮市富士２－２－２２
株式会社 ベガシステムズ
TEL: 0586-71-3903 FAX: 0586-71-4071
http://www.vegasystems.com
Skype ID: daliose
..................................................................
DISCLAIMER: This information is confidential and is intended only for 
the use of the individual or entity named above. If the reader of this 
message is not the intended recipient, please disregard and destroy 
this email and its content. Thank you

On 2010/12/10 13:04, Evgeny Yurchenko wrote:
On 10-12-09 11:01 PM, Maik Heinelt wrote:
Sorry for the confusion.
We have L3 switch between network A and B.
This switch has the IP 192.168.144.112 in network A and the IP 
192.168.11.1 in network B.
Any request for network B (192.168.11.0) from 192.168.144.0 network 
is routed to 192.168.144.112.

I can reach from A network to B network, but not backward.

Maik

And where is pfSense here?
please do not top-post.

So, we have
Network A -----------------192.168.144.112 switch 192.168.11.1 
-------------- Network B
192.168.144.0/24      | 
                                                                    | 
               192.168.11.0/24
                                     
|                                                                     |
                                     \-192.168.144.10 pfsense 
192.168.11.x-/
and hosts from A forward packets to pfSense when send to B while hosts 
from B always forward packets to the switch.
Right?
Ideal solution is to get rid of asymmetric routing, if you want to 
filter traffic just make hosts in B to use pfSense when sending to A.
If it is not possible then what Chris proposed does not work because 
pfSense has network B on one of its interfaces, thus you can't create 
static route to Network B.
Try in the rule allowing A to B set StateType to None.



---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org