Home / server / Questions / 760204
In Process
Pablo Santa Cruz
Asked: 2016-02-28 03:56:29 +0800 CST

PFSENSE: routing packets based on source IP address

  • 772

I am trying to route packets (actually, trying to change DEFAULT GATEWAY) depending on source IP address with PFSENSE.

ONE-SPECIFIC-IP ---> SPECIAL GATEWAY
ANY-IP          ---> DEFAULT GATEWAY

I guess this can be done with some similar to CISCO's PBR (policy based routing). But I need to do it with PFSENSE.

Is it possible? What's the option I should be looking into to do this?

routing

2 Answers

  1. On pfense you can implement this easily via rules. Create a firewall rule and assign a gateway on the advanced tab of the rule options.

    enter image description here

    • 3

  2. You have three options:

    1. Control a packet flow using ipfw fwd
    2. Control a packet flow using pf's route-to or reply-to
    3. Add multiple FIBs in the kernel (options ROUTETABLES=X, where X > 1), and then control the packet flow using ipfw setfib or pf's rtable.

    First and secnd way are classic PBR examples (like cisco) and last one is more modern approach (closer to Cisco VRF). PBR is simplier to accomplish, but it's harder to understand and control (since it's more atomic) and multiple FIBS require kernel tampering, which by itself if more difficult, but the final implementation is way simplier to handle and to undertstand. Iadvise using last approach.

    • 0