Hello, i have the following issue: i need to access a host (***.98.202.53) that's behind an interface on my UTM box, the interface is 192.168.10.x/24 with a .254 as default gateway and is configured as DHCP client. this IF is NOT set as default gateway(as it doesnt has access to anything BUt that host) on another interface i have the normal internet connection. now, i have done the following: [LIST=1] Configured the interface "private" as DHCP client, it gets IP 192.168.70.2/24 Made a host definition for that IF GW (192.168.0.254) bound to the "private" IF Made a host definition for the specific host (***.98.202.53) bound to the "private" IF as well Made a PF rule allowing LAN->host Made a policy route, type gateway, from LAN-> host, gateway "private GW" [/LIST] and it doesn't works, i can see a initial packet loaded in PF live log but no ping, no traceroute pass, if i traceroute from UTM itself it goes to internet, ping from lan or utm also fail. I tried making a static gateway router, with same definition, no avail. What am i doing wrong?, or the problem is not on my UTM and instead is a routing table issue on the .254 gateway?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

dyn/static route on 2nd IF not working?

Hello,
i have the following issue: i need to access a host (***.98.202.53) that's behind an interface on my UTM box, the interface is 192.168.10.x/24 with a .254 as default gateway and is configured as DHCP client.
this IF is NOT set as default gateway(as it doesnt has access to anything BUt that host)
on another interface i have the normal internet connection.

now, i have done the following:

[LIST=1]

Configured the interface "private" as DHCP client, it gets IP 192.168.70.2/24
Made a host definition for that IF GW (192.168.0.254) bound to the "private" IF
Made a host definition for the specific host (***.98.202.53) bound to the "private" IF as well
Made a PF rule allowing LAN->host
Made a policy route, type gateway, from LAN-> host, gateway "private GW"

[/LIST]

and it doesn't works, i can see a initial packet loaded in PF live log but no ping, no traceroute pass, if i traceroute from UTM itself it goes to internet, ping from lan or utm also fail.

I tried making a static gateway router, with same definition, no avail.

What am i doing wrong?, or the problem is not on my UTM and instead is a routing table issue on the .254 gateway?

This thread was automatically locked due to age.

Parents

0 BAlfson over 11 years ago

Mast, I'm confused. I don't understand why you want to have a public IP on a device that only can be reached from your LAN. I would think that you would configure an Additional Address on eth1 for that public IP and use a DNAT to get the traffic to your server. Or, is the server also reachable from another internet connection and you just want your LAN to be able to reach the server? Perhaps you can clarify the situation for us.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 11 years ago

Mast, I'm confused. I don't understand why you want to have a public IP on a device that only can be reached from your LAN. I would think that you would configure an Additional Address on eth1 for that public IP and use a DNAT to get the traffic to your server. Or, is the server also reachable from another internet connection and you just want your LAN to be able to reach the server? Perhaps you can clarify the situation for us.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data