Re: [pfSense] Gateway on a gateway...
Tell your provider to do what mojo said. Or set it up yourself if you have access to the provider routers. Third option is VPN between the pfsense boxes so you can override the routing. 17. mai 2014 21:53 skrev "Klaus Wunder" følgende: > Hello, > > you can use pfSense as a BGP > Router. There is a paket you can install. > > Also you can ask your ISP about the use of the Dynamic Routing Protokoll. > > Kind Regards > > Klaus > > Am 17.05.2014 um 20:14 schrieb "J. Echter" < > j.ech...@echter-kuechen-elektro.de>: > > Am 17.05.2014 08:25, schrieb faisal.gill...@akesp.org: > > Thank you for replying MoJo .. > So you recommend me removing pfsense acting as static routes router with > real hardware routers ? Or ur asking me to add dynamic routing > functionality to pfsense ? > > Thanks > Faisal > > > Sent from my HTC > > - Reply message - > From: "mOjO" > To: "pfSense Support and Discussion Mailing List" > , > "dragonator" > Subject: [pfSense]Gateway on a gateway... > Date: Sat, May 17, 2014 10:07 AM > > On the pfSense firewall? Nothing. > You need to change your routers. > Ideally, your MPLS routers are using BGP. Then on the site 1 router under > the BGP section you can tell it to advertise the 0.0.0.0 route by adding > "network 0.0.0.0" and make sure you have a static route on that router for > 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their > default gateway instead of the firewall. As an added bonus you can have > site 2 failover to their local internet when the MPLS is down by adding a > lower metric (255) default route that will kick in when the BGP advertised > route disappears when the MPLS goes down. > > > > - Reply message - > From: "faisal.gill...@akesp.org" > > To: "dragonator" , > > Subject: [pfSense]Gateway on a gateway... > Date: Fri, May 16, 2014 11:27 PM > > When i try to do this .. Pfsense gives me error that firewall is not > local to my subnet which is .. > 172.16.1.16 on subnet 255.255.248.0 > Branch router is on 172.16.11.0/24 which connects to firewall subnet via > MPLS provider router i.e 10.152.8.117/30 > > So what to do ? > > Regards > > Sent from my HTC > > - Reply message - > From: "dragonator" > To: , > > Subject: [pfSense] Gateway on a gateway... > Date: Sat, May 17, 2014 12:51 AM > > Change route on the site 2 gateway to route all traffic to that firewall. > > > Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone > > > > Original message > From: faisal.gill...@akesp.org > Date: 05/15/2014 19:39 (GMT-05:00) > To: pfSense Support and Discussion Mailing List > > Subject: [pfSense] Gateway on a gateway... > > > II have two networks connected together with an MPLS network all the > clients on both networks can access each other. > Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall > (172.16.1.16) on its local subnet which local clients connect to use > internet. > Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) > which routes all site 1 destend traffic to site 1 router (172.16.0.17). all > site 2 clients have the ip of site 2 router which is (172.16.11.17) in > their default gateway. > > Now i want clients on site 2 to use my packet filtering firewall > (172.16.1.16) for their internet needs so how do i define this which out > breaking the already communication > > can anyone guide me in this ? > > Sent from my HTC > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > > > > > ___ > List mailing > listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list > > anyone able to reply to the list? > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
Hello, you can use pfSense as a BGP Router. There is a paket you can install. Also you can ask your ISP about the use of the Dynamic Routing Protokoll. Kind Regards Klaus > Am 17.05.2014 um 20:14 schrieb "J. Echter" > : > > Am 17.05.2014 08:25, schrieb faisal.gill...@akesp.org: >> Thank you for replying MoJo .. >> So you recommend me removing pfsense acting as static routes router with >> real hardware routers ? Or ur asking me to add dynamic routing functionality >> to pfsense ? >> >> Thanks >> Faisal >> >> >> Sent from my HTC >> >> - Reply message - >> From: "mOjO" >> To: "pfSense Support and Discussion Mailing List" , >> "dragonator" >> Subject: [pfSense]Gateway on a gateway... >> Date: Sat, May 17, 2014 10:07 AM >> >> On the pfSense firewall? Nothing. >> You need to change your routers. >> Ideally, your MPLS routers are using BGP. Then on the site 1 router under >> the BGP section you can tell it to advertise the 0.0.0.0 route by adding >> "network 0.0.0.0" and make sure you have a static route on that router for >> 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their >> default gateway instead of the firewall. As an added bonus you can have >> site 2 failover to their local internet when the MPLS is down by adding a >> lower metric (255) default route that will kick in when the BGP advertised >> route disappears when the MPLS goes down. >> >> >> >> - Reply message - >> From: "faisal.gill...@akesp.org" >> To: "dragonator" , >> Subject: [pfSense]Gateway on a gateway... >> Date: Fri, May 16, 2014 11:27 PM >> >> When i try to do this .. Pfsense gives me error that firewall is not local >> to my subnet which is .. >> 172.16.1.16 on subnet 255.255.248.0 >> Branch router is on 172.16.11.0/24 which connects to firewall subnet via >> MPLS provider router i.e 10.152.8.117/30 >> >> So what to do ? >> >> Regards >> >> Sent from my HTC >> >> - Reply message - >> From: "dragonator" >> To: , >> Subject: [pfSense] Gateway on a gateway... >> Date: Sat, May 17, 2014 12:51 AM >> >> Change route on the site 2 gateway to route all traffic to that firewall. >> >> >> Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone >> >> >> >> Original message >> From: faisal.gill...@akesp.org >> Date: 05/15/2014 19:39 (GMT-05:00) >> To: pfSense Support and Discussion Mailing List >> Subject: [pfSense] Gateway on a gateway... >> >> >> II have two networks connected together with an MPLS network all the clients >> on both networks can access each other. >> Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall >> (172.16.1.16) on its local subnet which local clients connect to use >> internet. >> Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) >> which routes all site 1 destend traffic to site 1 router (172.16.0.17). all >> site 2 clients have the ip of site 2 router which is (172.16.11.17) in their >> default gateway. >> >> Now i want clients on site 2 to use my packet filtering firewall >> (172.16.1.16) for their internet needs so how do i define this which out >> breaking the already communication >> can anyone guide me in this ? >> >> >> Sent from my HTC >> >> ___ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list >> >> >> >> ___ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list > anyone able to reply to the list? > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list smime.p7s Description: S/MIME cryptographic signature ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
Am 17.05.2014 08:25, schrieb faisal.gill...@akesp.org: > Thank you for replying MoJo .. > So you recommend me removing pfsense acting as static routes router > with real hardware routers ? Or ur asking me to add dynamic routing > functionality to pfsense ? > > Thanks > Faisal > > > Sent from my HTC > > - Reply message - > From: "mOjO" > To: "pfSense Support and Discussion Mailing List" > , "dragonator" > Subject: [pfSense]Gateway on a gateway... > Date: Sat, May 17, 2014 10:07 AM > > On the pfSense firewall? Nothing. > You need to change your routers. > Ideally, your MPLS routers are using BGP. Then on the site 1 router > under the BGP section you can tell it to advertise the 0.0.0.0 route > by adding "network 0.0.0.0" and make sure you have a static route on > that router for 0.0.0.0 to the firewall. Site 2 should then use the > MPLS router as their default gateway instead of the firewall. As an > added bonus you can have site 2 failover to their local internet when > the MPLS is down by adding a lower metric (255) default route that > will kick in when the BGP advertised route disappears when the MPLS > goes down. > > > > - Reply message - > From: "faisal.gill...@akesp.org" > To: "dragonator" , > Subject: [pfSense]Gateway on a gateway... > Date: Fri, May 16, 2014 11:27 PM > > When i try to do this .. Pfsense gives me error that firewall is not > local to my subnet which is .. > 172.16.1.16 on subnet 255.255.248.0 > Branch router is on 172.16.11.0/24 which connects to firewall subnet > via MPLS provider router i.e 10.152.8.117/30 > > So what to do ? > > Regards > > Sent from my HTC > > - Reply message - > From: "dragonator" > To: , > Subject: [pfSense] Gateway on a gateway... > Date: Sat, May 17, 2014 12:51 AM > > Change route on the site 2 gateway to route all traffic to that firewall. > > > Sent via the Samsung Galaxy S^(TM) III, an AT&T 4G LTE smartphone > > > > Original message > From: faisal.gill...@akesp.org > Date: 05/15/2014 19:39 (GMT-05:00) > To: pfSense Support and Discussion Mailing List > Subject: [pfSense] Gateway on a gateway... > > > II have two networks connected together with an MPLS network all > the clients on both networks can access each other. > Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall > (172.16.1.16) on its local subnet which local clients connect to > use internet. > Site 2 (172.16.11.0/24) clients connects to local router > (172.16.11.17) which routes all site 1 destend traffic to site 1 > router (172.16.0.17). all site 2 clients have the ip of site 2 > router which is (172.16.11.17) in their default gateway. > > Now i want clients on site 2 to use my packet filtering firewall > (172.16.1.16) for their internet needs so how do i define this > which out breaking the already communication > > can anyone guide me in this ? > > > Sent from my HTC > > ___ > List mailing list > List@lists.pfsense.org <mailto:List@lists.pfsense.org> > https://lists.pfsense.org/mailman/listinfo/list > > > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list anyone able to reply to the list? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
Thank you for replying MoJo .. So you recommend me removing pfsense acting as static routes router with real hardware routers ? Or ur asking me to add dynamic routing functionality to pfsense ? Thanks Faisal Sent from my HTC - Reply message - From: "mOjO" To: "pfSense Support and Discussion Mailing List" , "dragonator" Subject: [pfSense]Gateway on a gateway... Date: Sat, May 17, 2014 10:07 AM On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding "network 0.0.0.0" and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: "faisal.gill...@akesp.org" To: "dragonator" , Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC ----- Reply message ----- From: "dragonator" To: , Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding "network 0.0.0.0" and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: "faisal.gill...@akesp.org" To: "dragonator" , Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: "dragonator" To: , Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: "dragonator" To: , Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Gateway on a gateway...
II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
