Re: [pfSense] Gateway on a gateway...
Thank you for replying MoJo .. So you recommend me removing pfsense acting as static routes router with real hardware routers ? Or ur asking me to add dynamic routing functionality to pfsense ? Thanks Faisal Sent from my HTC - Reply message - From: mOjO m...@thegeekclub.net To: pfSense Support and Discussion Mailing List list@lists.pfsense.org, dragonator dragona...@sleepydragon.net Subject: [pfSense]Gateway on a gateway... Date: Sat, May 17, 2014 10:07 AM On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding network 0.0.0.0 and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: faisal.gill...@akesp.org faisal.gill...@akesp.org To: dragonator dragona...@sleepydragon.net, list@lists.pfsense.org Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: dragonator dragona...@sleepydragon.net To: faisal.gill...@akesp.org, list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an ATT 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
Am 17.05.2014 08:25, schrieb faisal.gill...@akesp.org: Thank you for replying MoJo .. So you recommend me removing pfsense acting as static routes router with real hardware routers ? Or ur asking me to add dynamic routing functionality to pfsense ? Thanks Faisal Sent from my HTC - Reply message - From: mOjO m...@thegeekclub.net To: pfSense Support and Discussion Mailing List list@lists.pfsense.org, dragonator dragona...@sleepydragon.net Subject: [pfSense]Gateway on a gateway... Date: Sat, May 17, 2014 10:07 AM On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding network 0.0.0.0 and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: faisal.gill...@akesp.org faisal.gill...@akesp.org To: dragonator dragona...@sleepydragon.net, list@lists.pfsense.org Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: dragonator dragona...@sleepydragon.net To: faisal.gill...@akesp.org, list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S^(TM) III, an ATT 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway. Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list anyone able to reply to the list? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
Hello, you can use pfSense as a BGP Router. There is a paket you can install. Also you can ask your ISP about the use of the Dynamic Routing Protokoll. Kind Regards Klaus Am 17.05.2014 um 20:14 schrieb J. Echter j.ech...@echter-kuechen-elektro.de: Am 17.05.2014 08:25, schrieb faisal.gill...@akesp.org: Thank you for replying MoJo .. So you recommend me removing pfsense acting as static routes router with real hardware routers ? Or ur asking me to add dynamic routing functionality to pfsense ? Thanks Faisal Sent from my HTC - Reply message - From: mOjO m...@thegeekclub.net To: pfSense Support and Discussion Mailing List list@lists.pfsense.org, dragonator dragona...@sleepydragon.net Subject: [pfSense]Gateway on a gateway... Date: Sat, May 17, 2014 10:07 AM On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding network 0.0.0.0 and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: faisal.gill...@akesp.org faisal.gill...@akesp.org To: dragonator dragona...@sleepydragon.net, list@lists.pfsense.org Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: dragonator dragona...@sleepydragon.net To: faisal.gill...@akesp.org, list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an ATT 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway. Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list anyone able to reply to the list? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list smime.p7s Description: S/MIME cryptographic signature ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
Tell your provider to do what mojo said. Or set it up yourself if you have access to the provider routers. Third option is VPN between the pfsense boxes so you can override the routing. 17. mai 2014 21:53 skrev Klaus Wunder kl...@net-wunder.de følgende: Hello, you can use pfSense as a BGP Router. There is a paket you can install. Also you can ask your ISP about the use of the Dynamic Routing Protokoll. Kind Regards Klaus Am 17.05.2014 um 20:14 schrieb J. Echter j.ech...@echter-kuechen-elektro.de: Am 17.05.2014 08:25, schrieb faisal.gill...@akesp.org: Thank you for replying MoJo .. So you recommend me removing pfsense acting as static routes router with real hardware routers ? Or ur asking me to add dynamic routing functionality to pfsense ? Thanks Faisal Sent from my HTC - Reply message - From: mOjO m...@thegeekclub.net m...@thegeekclub.net To: pfSense Support and Discussion Mailing List list@lists.pfsense.orglist@lists.pfsense.org, dragonator dragona...@sleepydragon.net dragona...@sleepydragon.net Subject: [pfSense]Gateway on a gateway... Date: Sat, May 17, 2014 10:07 AM On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding network 0.0.0.0 and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: faisal.gill...@akesp.org faisal.gill...@akesp.org faisal.gill...@akesp.org faisal.gill...@akesp.org To: dragonator dragona...@sleepydragon.netdragona...@sleepydragon.net, list@lists.pfsense.org list@lists.pfsense.org Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: dragonator dragona...@sleepydragon.netdragona...@sleepydragon.net To: faisal.gill...@akesp.org faisal.gill...@akesp.org, list@lists.pfsense.org list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an ATT 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List list@lists.pfsense.orglist@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway. Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list anyone able to reply to the list? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: dragonator dragona...@sleepydragon.net To: faisal.gill...@akesp.org, list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an ATT 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Gateway on a gateway...
On the pfSense firewall? Nothing. You need to change your routers. Ideally, your MPLS routers are using BGP. Then on the site 1 router under the BGP section you can tell it to advertise the 0.0.0.0 route by adding network 0.0.0.0 and make sure you have a static route on that router for 0.0.0.0 to the firewall. Site 2 should then use the MPLS router as their default gateway instead of the firewall. As an added bonus you can have site 2 failover to their local internet when the MPLS is down by adding a lower metric (255) default route that will kick in when the BGP advertised route disappears when the MPLS goes down. - Reply message - From: faisal.gill...@akesp.org faisal.gill...@akesp.org To: dragonator dragona...@sleepydragon.net, list@lists.pfsense.org Subject: [pfSense]Gateway on a gateway... Date: Fri, May 16, 2014 11:27 PM When i try to do this .. Pfsense gives me error that firewall is not local to my subnet which is .. 172.16.1.16 on subnet 255.255.248.0 Branch router is on 172.16.11.0/24 which connects to firewall subnet via MPLS provider router i.e 10.152.8.117/30 So what to do ? Regards Sent from my HTC - Reply message - From: dragonator dragona...@sleepydragon.net To: faisal.gill...@akesp.org, list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... Date: Sat, May 17, 2014 12:51 AM Change route on the site 2 gateway to route all traffic to that firewall. Sent via the Samsung Galaxy S™ III, an ATT 4G LTE smartphone Original message From: faisal.gill...@akesp.org Date: 05/15/2014 19:39 (GMT-05:00) To: pfSense Support and Discussion Mailing List list@lists.pfsense.org Subject: [pfSense] Gateway on a gateway... II have two networks connected together with an MPLS network all the clients on both networks can access each other. Site 1( 172.16.0.0/21) has a packet filtering multi WAN firewall (172.16.1.16) on its local subnet which local clients connect to use internet. Site 2 (172.16.11.0/24) clients connects to local router (172.16.11.17) which routes all site 1 destend traffic to site 1 router (172.16.0.17). all site 2 clients have the ip of site 2 router which is (172.16.11.17) in their default gateway.Now i want clients on site 2 to use my packet filtering firewall (172.16.1.16) for their internet needs so how do i define this which out breaking the already communication can anyone guide me in this ? Sent from my HTC ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
