Routing problem

**dwasserman** · 08-03-2010, 07:11 AM

Wich device is the .253?
Paste here the trace route from network 10 please
From untangle you can ping any device in net 10?

**proactivens** · 08-03-2010, 07:24 AM

you need to either change you subnet mask from /24 to /16 or give untangle an IP alias on the 192.168.10.x network.

Untangle cannot see the 192.168.10.x network unless you give it an ip alias or change your snm to cover the 192.168.10.x network.

**dwasserman** · 08-03-2010, 07:46 AM

Originally Posted by proactivens

you need to either change you subnet mask from /24 to /16 or give untangle an IP alias on the 192.168.10.x network.

Untangle cannot see the 192.168.10.x network unless you give it an ip alias or change your snm to cover the 192.168.10.x network.

Is more beautiful create static routes in networking/advance/route that's what he did, and it should work fine.
But its dependent how work this vpn I think.

**soborno** · 08-03-2010, 08:05 AM

I paste the screenshots from the 192.168.10.1 and the Ut screenshot.
The device in the 192.168.20.253 or any .253 is a router run by a provider, It´s out of my hands, all the non-VPN traffic is sent to 192.168.20.251, that always work fine in the other fw and it seems so also for the trace output.
In the meanwhile, I´ll check proactivens advice.

Regards,
Claudio

**proactivens** · 08-03-2010, 08:37 AM

Originally Posted by dwasserman

Is more beautiful create static routes in networking/advance/route that's what he did, and it should work fine.
But its dependent how work this vpn I think.

static routes isnt enough. ive done this plenty of times, you need either an ip alias or change the snm the way i described.

**soborno** · 08-03-2010, 08:42 AM

Exactly as you say proactivens, it works now

Thanks all for the help!
I don´t want to bother anymore, but can you explain a little bit why change the snm was necesary, and static rules weren´t enough

Anyway, it was a big help.

Regards,
Claudio

**sky-knight** · 08-03-2010, 08:46 AM

Blame linux... the linux kernel isn't a bridge, it's a b-router. It has to know it's responsible for the address ranges in question.

So you either have to add an alias, to put the server on all networks it needs to filter. Or, you widen the subnet mask to cover all of the IPs in question.

The static route is really a pointless addition. The only reason you ever need that on a bridge is to cover a remote segment.

**proactivens** · 08-03-2010, 08:54 AM

your welcome

Skyknight is right, untangle needs to be addressable on every network its connected to. Otherwise, it doesnt know how to communicate to that network. Static routes should be enough, but they are not. Thats just the way it is. One of the caveats of Untangle.

**dwasserman** · 08-03-2010, 09:01 AM

Really I dont finish to understand well.
If you change the netmask to 16 work ok, but generate a big broadcast domain, with the risk of saturate the vpn links with this.
I have only one installation with UT and remote private 5 sites, and config them in networking/advance/routes without any problem. No alias, no widen subnet mask, but its true also, are pure private links, not vpn.

**sky-knight** · 08-03-2010, 09:36 AM

Remote segments are a different story. Those use static routes because there is another router responsible for them. The widened mask is for when you have those IP spaces transiting a single segment where Untangle resides.

Protect

Filter

Perform

Connect

Manage

Add-Ons

Thread: Routing problem

LinkBack

Thread Tools

Tags for this Thread

Posting Permissions