
I have pfSense (1.2.3) with a WAN (gateway 10.10.20.1/24) and an OPT1 (gateway 10.10.21.1/24). I also have a LAN (static 10.10.12.1/24, DHCP 10.10.12.128-199/24).

I want to create rules so that traffic coming from LAN go through WAN if the source IP address is below 10.10.12.128/24 and through OPT1 otherwise.

How would I go and make that happen?

Thanks!


Solution: I'm filtering on two subnets as proposed by cpbills. I've added rules on the LAN interface that match all traffic with source 10.10.12.128/25 and send it to the gateway of OPT1; for the rest, it falls back on the default route that forwards all traffic to the WAN gateway.

lpfavreau

2 Answers


You could break 10.10.12.0/24 into two subnets, 10.10.12.0/25 and 10.10.12.128/25, and then it would be pretty easy to differentiate in your firewall rules.

But that would probably only add to your workload, unless your hosts are assigned IPs via DHCP.

cpbills
  • Thank you for the answer. And if I'm able to break it into two subnets? How would the rules look like? – lpfavreau May 18 '10 at 18:20
  • you could try: `route add -net 10.10.12.0 netmask 255.255.255.128 gateway 10.10.12.1` where 10.10.12.1 is the IP of your gateway to the WAN. `route add -net 10.10.12.128 netmask 255.255.255.128 gateway 10.10.12.129` where 10.10.12.129 is the IP to your OPT1 NIC – cpbills May 18 '10 at 18:42
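The following is an added example (not code from the question or the answers, and not pfSense configuration) that models the split proposed above and the rule set the asker ended up with: the /24 is divided into 10.10.12.0/25 and 10.10.12.128/25, a first-match rule list sends the upper half to the OPT1 gateway and everything else to the default route (WAN), and a check confirms the DHCP pool 10.10.12.128-199 lies entirely in the upper half. The `Rule` structure and the function names are illustrative; the addresses are the ones stated in the question. It also shows why rule order matters: with the catch-all rule placed first, the OPT1 rule is never reached.

```python
"""Model of source-based policy routing for the LAN described on the page.

Added example: the addresses are from the question, but the Rule model and
first-match evaluation are a simplified stand-in for pfSense LAN rules.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

LAN = ipaddress.ip_network("10.10.12.0/24")
WAN_GW = ipaddress.ip_address("10.10.20.1")    # WAN gateway (from the question)
OPT1_GW = ipaddress.ip_address("10.10.21.1")   # OPT1 gateway (from the question)
# DHCP pool boundaries stated in the question (constructed as a pair of endpoints).
DHCP_POOL = (ipaddress.ip_address("10.10.12.128"),
             ipaddress.ip_address("10.10.12.199"))


@dataclass(frozen=True)
class Rule:
    """One LAN rule: match by source network, then pick a gateway.

    gateway=None means "use the default route", which on this box is WAN.
    """
    source: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]
    label: str


def split_lan() -> Tuple[ipaddress.IPv4Network, ipaddress.IPv4Network]:
    """Split the /24 into its two /25 halves: (10.10.12.0/25, 10.10.12.128/25)."""
    lower, upper = LAN.subnets(prefixlen_diff=1)
    return lower, upper


def lan_rules() -> List[Rule]:
    """The rule order the asker settled on: specific /25 first, catch-all last."""
    _, upper = split_lan()
    return [
        Rule(upper, OPT1_GW, "upper /25 -> OPT1"),
        Rule(LAN, None, "everything else -> default route"),
    ]


def select_gateway(src: str, rules: Optional[List[Rule]] = None,
                   default_gw: ipaddress.IPv4Address = WAN_GW):
    """First-match evaluation: return (rule label, gateway) for a source address."""
    addr = ipaddress.ip_address(src)
    for rule in (rules if rules is not None else lan_rules()):
        if addr in rule.source:
            return rule.label, (rule.gateway if rule.gateway is not None else default_gw)
    return "no match", None


def dhcp_pool_within_upper_half() -> bool:
    """Sanity check: every DHCP lease should land in the /25 that routes via OPT1."""
    _, upper = split_lan()
    return all(endpoint in upper for endpoint in DHCP_POOL)


if __name__ == "__main__":
    for host in ("10.10.12.5", "10.10.12.127", "10.10.12.128", "10.10.12.150"):
        print(host, "->", select_gateway(host))
    print("DHCP pool entirely in upper /25:", dhcp_pool_within_upper_half())
    # Demonstrate the ordering pitfall: catch-all first swallows everything.
    print("misordered:", select_gateway("10.10.12.150", list(reversed(lan_rules()))))
```

Because pfSense evaluates LAN rules top-down and stops at the first match, the rule carrying the OPT1 gateway has to sit above any pass-all rule; the `reversed(lan_rules())` call in the usage section shows what happens when it does not.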

I don't believe that would be a rule but instead would be a NAT route. You could set a NAT route for anything from the 10.10.12.0/25 network to go out the WAN NIC and anything from the 10.10.12.128/25 network will go out the OPT1 NIC. Check the Firewall/NAT tab.

heartlandcoder
  • Is there a benefit of using a NAT route versus a rule? Performance-wise or else? – lpfavreau May 18 '10 at 19:49
  • I don't know of a benefit but it sounded more like you were wanting to route packets instead of setup access rules so that is why I suggested the NAT option. – heartlandcoder May 19 '10 at 04:56