This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with two WAN connections

Hello,

I have a litte problem with two WAN connections and policy routing.
Yes, I read the artikel in the knowledgebase. But either I missed something or I have to do something different on my setup:

I have two WAN connections, an ADSL wich is the default for any LAN-traffic and one SDSL which
is default for the DMZ (default GW is set on the ADSL line).

The SDSL line has a subnet of 8 IP's. For one IP I created a DNAT rule to a server in the DMZ. Works fine.
But one a second IP I would like to reach the firewall (ssh, webadmin, ipsec...).
(actually, the IP under wich I want to reach the firewall is the main address (eth2) of the SDSL interface and the IP for the DMZ server is an additional address on the same interface.)

when I try to reach the firewalls sshd on the SDSL line, the answer packets are wrongly send over the ADSL line.

As I sayed: the routing/dnat for the DMZ server works at the same time.
But not for the firewall itself.

What have I missed?

Best regards,
martin

This thread was automatically locked due to age.

0 Sidi over 17 years ago

Hello again,

I found a solution!
A second policy route:

Route Type:                    Gateway route
Source Interface:           >
Source Network:           SDSL-Firewall-Interface-IP (host)
Service:                          Any
Destination Network:    Any
Gateway:                        SDSL router

It only works with "source interface=any", with none of the other interfaces.

Is that realy the right way to do it? Or is there a "cleaner" way of doing what I want?
(one address of the sdsl-subnet for the firewall, others for DMZ server)

If I come to think of it, I guess that "lo" should the right interface (wich you haven't in the select box) for outbond traffic originating from the firewall.

regards,
  martin
Cancel
Vote Up 0 Vote Down

Cancel