Re: [pfSense-discussion] override routes on WAN
On Sun, May 02, 2010 at 04:36:00PM -0400, Chris Buechler wrote: > On Sun, May 2, 2010 at 2:30 PM, Scott Lambert wrote: > > On Sun, May 02, 2010 at 01:03:50PM +0200, Eugen Leitl wrote: > >> I'm attempting to simulate a production network 88.198.238.112/28 > >> with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) > >> but I'm too dense to figure out how override the default route, which sends > >> the packet to WAN. > >> > >> I obviously need to do something along the lines of > >> route add -net 88.198.238.112/28 88.198.238.113 > > > > No, I believe you have what you want simply by specifying the IP and > > netmask on the the OPT1 interface. If there is a subnet other than > > 88.198.248.112/28 which you want to speak to across the OPT1 interface, > > you may want to specify the gateway, on the OPT1 interface, of the > > router which knows how to speak to that other subnet. Then you would > > add a static route. I've had that working with a private address range, so I was surprised this didn't work with the public IPs. Of course the reason it didn't work is that I made a typo. My second step will be adding static routes for a couple networks, using OPT1 as default gateway (this is a lab setup, I need to check carp+pfsync pfsense cluster failover before I put it into production). > > > > Exactly that. If you have OPT1 configured with that subnet, and > traffic to that destination subnet is going out WAN, then you probably > haven't enabled OPT1 or have its IP info wrong or maybe don't have > that NIC plugged in. It was a mistake on my part -- typo in the OPT1 network. I actually checked for that, but made a second mistake in the hurry. Thanks everybody. -- Eugen* Leitl http://leitl.org";>leitl http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
- "Eugen Leitl" wrote: > I'm attempting to simulate a production network 88.198.238.112/28 > with gateway 88.198.238.113 on the OPT1 interface (set to > 88.198.238.113) > but I'm too dense to figure out how override the default route, which > sends > the packet to WAN. > > I obviously need to do something along the lines of > route add -net 88.198.238.112/28 88.198.238.113 I'm not quite understanding but:- To route traffic you need distinct sub-nets. If you have the same subnet (or an overlap) on two interfaces of the pfsense box this is effectively an un-routable combination. Setting the gateway is something that happens on the client machine either by DHCP or manual settings carried out localy. The pfSense box will have a default route to it's next hop/gateway. Are attempting to set the clinet routing or pfSense routing when you talk about route add -net 88.198.238.112/28 88.198.238.113? The production network and the test network need total isolation with their own routes to the internet in order to get the routing to work without a lot of hassle Rob > > Help? > > -- > Eugen* Leitl http://leitl.org";>leitl http://leitl.org > __ > ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org > 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > > - > To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com > For additional commands, e-mail: discussion-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org Blue Chip Technology Limited. Chowley Oak Lane, Tattenhall, Chester, Cheshire CH3 9EX - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
Eugen Leitl wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 Sorry, it seems I misunderstood your question. Disregard my advices please. Evgeny. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
On Sun, May 2, 2010 at 2:30 PM, Scott Lambert wrote: > On Sun, May 02, 2010 at 01:03:50PM +0200, Eugen Leitl wrote: >> I'm attempting to simulate a production network 88.198.238.112/28 >> with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) >> but I'm too dense to figure out how override the default route, which sends >> the packet to WAN. >> >> I obviously need to do something along the lines of >> route add -net 88.198.238.112/28 88.198.238.113 > > No, I believe you have what you want simply by specifying the IP and > netmask on the the OPT1 interface. If there is a subnet other than > 88.198.248.112/28 which you want to speak to across the OPT1 interface, > you may want to specify the gateway, on the OPT1 interface, of the > router which knows how to speak to that other subnet. Then you would > add a static route. > Exactly that. If you have OPT1 configured with that subnet, and traffic to that destination subnet is going out WAN, then you probably haven't enabled OPT1 or have its IP info wrong or maybe don't have that NIC plugged in. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
On Sun, May 02, 2010 at 01:03:50PM +0200, Eugen Leitl wrote: > I'm attempting to simulate a production network 88.198.238.112/28 > with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) > but I'm too dense to figure out how override the default route, which sends > the packet to WAN. > > I obviously need to do something along the lines of > route add -net 88.198.238.112/28 88.198.238.113 No, I believe you have what you want simply by specifying the IP and netmask on the the OPT1 interface. If there is a subnet other than 88.198.248.112/28 which you want to speak to across the OPT1 interface, you may want to specify the gateway, on the OPT1 interface, of the router which knows how to speak to that other subnet. Then you would add a static route. But to do what you specified that you want, just configure the OPT1 interface to be: Type: static Bridge with: none IP address 88.198.238.113 / 28 You do not need to specify a Gateway address unless you are using OPT1 as another WAN type interface. That is all it takes. The Operating System is intelligent enough to figure out that 88.198.238.112/28 is directly attached to the OPT1 interface and that 88.198.238.112/28 is a more specific route than 0.0.0.0/0. So it will send the traffic out that way. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
Eugen Leitl wrote: On Sun, May 02, 2010 at 09:48:02AM -0400, Evgeny Yurchenko wrote: Eugen Leitl wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 Help? Create two routes via web-interface: 1. On OPT1 0.0.0.0/1 to 88.198.238.113 This basically means everything goes to 88.198.238.113. Not everything, "only" 0.0.0.0 to 127.255.255.255. 2. On OPT1 128.0.0.0/1 to 88.198.238.113 Can you explain what 128.0.0.0 is there for? Range 128.0.0.0 to 255.255.255.255. It will replace your default route to WAN. Thanks, Evgeny. Is there a less nuclear option? I thought this what you wanted. I would like to keep the rest of the routes unperturbed, so I can consult other online sources while working on the new systems. All other routes will not be touched. This way you redefine only default route on your pfSense box. Is that feasible? I have 3 NICs: WAN, OPT1 and LAN. I've bound the new network to OPT1. The systems in the network do not necessarily need Internet access, but it would be a nice to have. May be I misunderstood your task. it does not look like you have ISP on your OPT interface... Are you sure you want to replace default route? - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
On Sun, May 02, 2010 at 09:48:02AM -0400, Evgeny Yurchenko wrote: > Eugen Leitl wrote: > >I'm attempting to simulate a production network 88.198.238.112/28 > >with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) > >but I'm too dense to figure out how override the default route, which sends > >the packet to WAN. > > > >I obviously need to do something along the lines of > >route add -net 88.198.238.112/28 88.198.238.113 > > > >Help? > > > > > Create two routes via web-interface: > 1. On OPT1 0.0.0.0/1 to 88.198.238.113 This basically means everything goes to 88.198.238.113. > 2. On OPT1 128.0.0.0/1 to 88.198.238.113 Can you explain what 128.0.0.0 is there for? > It will replace your default route to WAN. Thanks, Evgeny. Is there a less nuclear option? I would like to keep the rest of the routes unperturbed, so I can consult other online sources while working on the new systems. Is that feasible? I have 3 NICs: WAN, OPT1 and LAN. I've bound the new network to OPT1. The systems in the network do not necessarily need Internet access, but it would be a nice to have. -- Eugen* Leitl http://leitl.org";>leitl http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
Eugen Leitl wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 Help? Create two routes via web-interface: 1. On OPT1 0.0.0.0/1 to 88.198.238.113 2. On OPT1 128.0.0.0/1 to 88.198.238.113 It will replace your default route to WAN. Evgeny. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense-discussion] override routes on WAN
I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 Help? -- Eugen* Leitl http://leitl.org";>leitl http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
