Re: [pfSense-discussion] override routes on WAN
- Eugen Leitl eu...@leitl.org wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 I'm not quite understanding but:- To route traffic you need distinct sub-nets. If you have the same subnet (or an overlap) on two interfaces of the pfsense box this is effectively an un-routable combination. Setting the gateway is something that happens on the client machine either by DHCP or manual settings carried out localy. The pfSense box will have a default route to it's next hop/gateway. Are attempting to set the clinet routing or pfSense routing when you talk about route add -net 88.198.238.112/28 88.198.238.113? The production network and the test network need total isolation with their own routes to the internet in order to get the routing to work without a lot of hassle Rob Help? -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org Blue Chip Technology Limited. Chowley Oak Lane, Tattenhall, Chester, Cheshire CH3 9EX - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
On Sun, May 02, 2010 at 04:36:00PM -0400, Chris Buechler wrote: On Sun, May 2, 2010 at 2:30 PM, Scott Lambert lamb...@lambertfam.org wrote: On Sun, May 02, 2010 at 01:03:50PM +0200, Eugen Leitl wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 No, I believe you have what you want simply by specifying the IP and netmask on the the OPT1 interface. If there is a subnet other than 88.198.248.112/28 which you want to speak to across the OPT1 interface, you may want to specify the gateway, on the OPT1 interface, of the router which knows how to speak to that other subnet. Then you would add a static route. I've had that working with a private address range, so I was surprised this didn't work with the public IPs. Of course the reason it didn't work is that I made a typo. My second step will be adding static routes for a couple networks, using OPT1 as default gateway (this is a lab setup, I need to check carp+pfsync pfsense cluster failover before I put it into production). Exactly that. If you have OPT1 configured with that subnet, and traffic to that destination subnet is going out WAN, then you probably haven't enabled OPT1 or have its IP info wrong or maybe don't have that NIC plugged in. It was a mistake on my part -- typo in the OPT1 network. I actually checked for that, but made a second mistake in the hurry. Thanks everybody. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
On Sun, May 02, 2010 at 09:48:02AM -0400, Evgeny Yurchenko wrote: Eugen Leitl wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 Help? Create two routes via web-interface: 1. On OPT1 0.0.0.0/1 to 88.198.238.113 This basically means everything goes to 88.198.238.113. 2. On OPT1 128.0.0.0/1 to 88.198.238.113 Can you explain what 128.0.0.0 is there for? It will replace your default route to WAN. Thanks, Evgeny. Is there a less nuclear option? I would like to keep the rest of the routes unperturbed, so I can consult other online sources while working on the new systems. Is that feasible? I have 3 NICs: WAN, OPT1 and LAN. I've bound the new network to OPT1. The systems in the network do not necessarily need Internet access, but it would be a nice to have. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
Eugen Leitl wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 Sorry, it seems I misunderstood your question. Disregard my advices please. Evgeny. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
