Hello, i have the following issue: i need to access a host (***.98.202.53) that's behind an interface on my UTM box, the interface is 192.168.10.x/24 with a .254 as default gateway and is configured as DHCP client. this IF is NOT set as default gateway(as it doesnt has access to anything BUt that host) on another interface i have the normal internet connection. now, i have done the following: [LIST=1] Configured the interface "private" as DHCP client, it gets IP 192.168.70.2/24 Made a host definition for that IF GW (192.168.0.254) bound to the "private" IF Made a host definition for the specific host (***.98.202.53) bound to the "private" IF as well Made a PF rule allowing LAN->host Made a policy route, type gateway, from LAN-> host, gateway "private GW" [/LIST] and it doesn't works, i can see a initial packet loaded in PF live log but no ping, no traceroute pass, if i traceroute from UTM itself it goes to internet, ping from lan or utm also fail. I tried making a static gateway router, with same definition, no avail. What am i doing wrong?, or the problem is not on my UTM and instead is a routing table issue on the .254 gateway?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

dyn/static route on 2nd IF not working?

Hello,
i have the following issue: i need to access a host (***.98.202.53) that's behind an interface on my UTM box, the interface is 192.168.10.x/24 with a .254 as default gateway and is configured as DHCP client.
this IF is NOT set as default gateway(as it doesnt has access to anything BUt that host)
on another interface i have the normal internet connection.

now, i have done the following:

[LIST=1]

Configured the interface "private" as DHCP client, it gets IP 192.168.70.2/24
Made a host definition for that IF GW (192.168.0.254) bound to the "private" IF
Made a host definition for the specific host (***.98.202.53) bound to the "private" IF as well
Made a PF rule allowing LAN->host
Made a policy route, type gateway, from LAN-> host, gateway "private GW"

[/LIST]

and it doesn't works, i can see a initial packet loaded in PF live log but no ping, no traceroute pass, if i traceroute from UTM itself it goes to internet, ping from lan or utm also fail.

I tried making a static gateway router, with same definition, no avail.

What am i doing wrong?, or the problem is not on my UTM and instead is a routing table issue on the .254 gateway?

This thread was automatically locked due to age.

Parents

0 TheDrew over 11 years ago

I'm not as well versed in the specifics as some others, BarryG and BAlfson spring to mind, but there are several threads on the forums where binding a definition to an interface has later on created problems with firewall rules and routing that was cleared up by removing the bindings. Binding does something to the router which can cause some very subtle and strange breakage.

It's enough of an issue that Bob Alfson's rulz includes as rule #3 never to create a host/network definition that is bound to an interface.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 TheDrew over 11 years ago

I'm not as well versed in the specifics as some others, BarryG and BAlfson spring to mind, but there are several threads on the forums where binding a definition to an interface has later on created problems with firewall rules and routing that was cleared up by removing the bindings. Binding does something to the router which can cause some very subtle and strange breakage.

It's enough of an issue that Bob Alfson's rulz includes as rule #3 never to create a host/network definition that is bound to an interface.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data