Static Routing

[Enf]

Hi all, I'm doing static routing between 2 networks but it seems to be failing. Here's the scenario.

LAN1 (IP: 10.0.0.1  NET: 10.0.0.0/24) -- LAN2 (IP: 10.0.1.1 NET: 10.0.1.0/24)

On my FreeBSD router on LAN1, I've the following entry on my /etc/rc.conf

gateway_enable="YES"
static_routes="LAN2"
route_kvm="-net 10.0.1.0/24 10.0.0.1"

and on my netstat -rn it shows

10.0.1.0/24     10.0.0.1       UGS         0       65    rl2

and on LAN2, it's identical but it's just the reverse. I've tried to ping from one of my machines in LAN and I'm getting replies but when I try to ssh into the machines behind LAN2, I'll be getting connection time out instead. If I add the static routing options on my LAN's machine level, it seems to work without a hickup, would anyone know if I left out something? Thanks in advance.

 

[mickey]

If the machine has two network interfaces, which directly connect to LAN1 and LAN2, you should not need to set up any static routes at all, as the machine already knows how to route between those two networks from the corresponding address/netmask values.

 

[Enf]

Sadly, that's not the case. The setup I have at the moment interconnects the LAN with a single NIC and it seems to be failing.

 

[SirDice]

Please post the output of ifconfig and netstat -nr.

 

[vivek]

static_routes="LAN2"
route_kvm="-net 10.0.1.0/24 10.0.0.1"

kvm is not defined, should be LAN2

static_routes="LAN2"
route_LAN2="-net 10.0.1.0/24 10.0.0.1"

You also need to setup default route, so the following is correct syntax:

defaultrouter="your-default-route-here"
static_routes="lan1 lan2"
route_lan1="-net net1/mask1 router_ip1"
route_lan2="-net net2/mask2 router_ip2"

See FreeBSD static routing howto

 

[Enf]

I've updated some of my configurations. Now there's even more route to sort. The following is the setup at the moment.

Gateway #1 (FreeBSD Box)
NIC 1 (rl0): Dials to ISP (PPPoE)
NIC 2 (rl1): LAN (IP: 192.168.3.1 NET: 192.168.3.0/24)
NIC 3 (rl2): DMZ (IP: 10.10.10.1 NET: 10.10.10.0/24)

Gateway #2 (FreeBSD Box)
NIC 1 (rl0): Dials to ISP (PPPoE)
NIC 2 (rl1): LAN (IP: 192.168.3.2 NET: 192.168.3.0/24)
NIC 3 (rl2): DMZ (IP: 10.10.10.2 NET 10.10.10.0/24)

Gateway #3 (VM Host) (Linux Machine)
NIC 1 (rl0): LAN (IP: 192.168.3.3 NET: 192.168.3.0/24)
NIC 2 (rl1): VM NET (IP: 192.168.4.1 NET: 192.168.4.0/24)


The following are my configurations:

Gateway #1
rc.conf

ifconfig_rl0="inet 219.95.208.54/30"
ifconfig_rl1="inet 10.10.10.1/24"
ifconfig_rl2="inet 192.168.3.1/24"
static_routes="kvm dmz"
route_kvm="-net 192.168.4.0/24 192.168.3.3"
route_dmz="-net 10.10.10.0/24 10.10.10.1"

netstat -rn

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            x.x.x.x            UGS         0   719241   tun0
10.10.10.0/24      link#2             UC          0     8648    rl1
192.168.3.0/24     link#3             UC          0       49    rl2

ifconfig

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 00:15:e9:7d:4c:10
	inet x.x.x.x netmask 0xfffffffc broadcast x.x.x.x
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 00:22:b0:cd:d6:f0
	inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 00:15:e9:7d:47:d9
	inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active

Machines behind lan that uses Gateway #1 can't get connected to any of the machines behind 192.168.4.0/24. They could ping it and receive replies but to ssh or access web servers or equivalent, the connection simply fails with connection timeout. I'm not including the setup for Gateway #2 and Gateway #3 as I believe it should be identical. Thanks.

 

[SirDice]

Machines behind lan that uses Gateway #1 can't get connected to any of the machines behind 192.168.4.0/24.

You will need to add the static route to 192.168.4.0/24 on those machines.

 

[Enf]

You will need to add the static route to 192.168.4.0/24 on those machines.

Thanks a lot. I know that fixes the problem but I was wondering if I can let the server handle the routing for me instead of having to setup on each machine and if I can do that, how do I get around it?

What I've noticed is that anyone under Gateway #1 can actually access machines behind Gateway #2 but people under gateway #2 can never access those under Gateway #1. It'll work only if I have a static route configurations on the client's machine. I've looked at the configurations and it's identical (except IP, etc) on both gateway's so I'm assuming that the router could help do the routing without having static route on client.

 

[SirDice]

I know that fixes the problem but I was wondering if I can let the server handle the routing for me instead of having to setup on each machine and if I can do that, how do I get around it?

Not with your current setup.

 

[Enf]

Okay, can you point me to a setup configuration that I could use to make the routing work from the routers level and not the user's level then? Thanks.

 

[SirDice]

Place a router in front of your gateways. Then your workstations can use that as a default gateway. The router will take care of the routing to the different subnets.

 

[Enf]

Sorry for the late bump in topic but can't both of my FreeBSD gateway act as one?