Thread: OSPF Issue

  1. #1
    Untanglit
    Join Date
    May 2011
    Posts
    15

    OSPF Issue

    I've got a strange one folks. About two weeks ago, we could not access the Internet via our Untangle box. If I bypassed the Untangle, and ran from our Catalyst switch to our Firewall the Internet was working fine. It was an older PC 4 1/2 years old, and it's been randomly restarting, so I decided it was time to replace it.

    So I replaced it with a new i5 PC, and installed a fresh copy of Untangle 10 onto the box. I transferred all of my settings manually since I didn't want any "corrupt" data getting into the server.

    The way our network is set up, we have a router connected to a Catalyst switch. One port on the switch is on its own LAN. I run that port on the switch to the Untangle box (or Firewall) internal network card. Then I run the WAN network card to our firewall.

    All of my equipment is at a data center, so our offices have different subnets. For redundancy the router can route traffic to our offices using OSPF. So if there is a failure, our offices maintain connection to our data center via redundant paths.

    Our firewall uses OSPF to deliver packets using OSPF through the Untangle box to the router at the data center.

    As I said, up until two weeks ago this was working on our Untangle box running Untangle 8.x.

    So at the data center the Internet is working just fine through Untangle. However OSPF is no longer working from our firewall to the router.

    If I bypass the Untangle box OSPF starts working, and traffic from the branches can get on the Internet.

    As I said, I replaced the Untangle box with a new box, and the same OSPF not working problem on the new box running 10.x latest version. And Untangle 8.x was doing the same thing.

    So I'm at a loss. Why did our old Untangle box start blocking OSPF traffic between our firewall, and the router? Why does the same thing happen on 10? Right now all of my Apps are off. And the problem continues.

    Run a network cable from the firewall to the switch.. Internet works.

    Anyone have any ideas?

  2. #2
    Untanglit
    Join Date
    May 2011
    Posts
    15

    I forgot to mention, Untangle is set up in bridge mode. IP on the firewall is 10.1.254.33. Untangle IP is 10.1.254.34. Router is at 10.1.254.38. Route entries on the Untangle box tell it how to get to 10.1.1.0, 10.1.2.0, 10.1.3.0, and 10.1.10.0.

    The firewall only has route entries for 10.1.1.0 and 10.1.2.0, as these are at our data center. 10.1.3.0 and 10.1.10.0 are found using OSPF on the router. Firewall is set up to talk to the router for OSPF info.

    It appears that OSPF is not going through Untangle.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,546

    I'm failing at finding a protocol / port definition on how OSPF communicates. But what I'd suggest is making a bypass rule for OSPF traffic, sadly without the aforementioned definitions I haven't a clue how to construct one.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    Bypass the IP addresses of the routers involved?

    A network diagram might help us.
    If you think I got Grumpy

  5. #5
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,375

    Verify the static routes in Untangle, to resolve the office's IP via the router, not the firewall. (or vice versa?)
    The world is divided into 10 kinds of people, who know binary and those not

  6. #6
    Untanglit
    Join Date
    May 2011
    Posts
    15

    Firewall - IP 10.1.254.33 -------- Untangle WAN IP 10.1.254.34 ------ Catalyst Switch ---------- Router 10.1.254.38 --- OSPF packets are getting altered/corrupted between the router and firewall. Firewall unable to connect to 10.1.3.0 and 10.1.10.0 networks.

    Firewall - IP 10.1.254.33 ------------- Catalyst Switch ------------ Router 10.1.254.38 - OSPF working properly.

    I've tried a generic OSPF filter by bypassing all traffic on 224.0.0.5 and I've bypassed all traffic going from the firewall to the router and vice versa. A bypass filter does not fix this.

    What I don't understand is this started between 3:53 PM on a Sunday and 11:59 PM on 10/21/13. I made no changes on our Firewall, switch, router, or untangle on this date. I was in fact out of town, driving back to town during this time....

    I have route entries for all networks on the Untangle box which point to the Internal router. My two branch networks can travel about 4 different ways from the router to our branch offices. Hence the need for OSPF from the firewall.

    I can manually add static routes to the firewall to fix this issue, but then OSPF is dead at this point, and I'd have to manually reconfigure our network when there was an outage.

    I just don't understand what could have changed. Wait a minute. I just had a thought. The two things that my old Untangle box and my new Untangle box have in common is I used the same network cables between the Untangle box and router and firewall. Second I used the same Network Adapter cards. I just pulled them from the old box and threw them in the new box.

    Could a bad NIC be the issue? A bad cable??? I'm going to replace the cards, and network cable to see if that makes a difference....
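
An added example, not part of any post in this thread: one way to test whether OSPF packets really change while crossing the bridge is to capture the same packet on both sides and inspect it. It relies on OSPFv2 being carried directly in IPv4 as protocol 89, sent to 224.0.0.5/224.0.0.6 with TTL 1, with its own header checksum (RFC 2328); the sample Hello, its router ID and its mask are constructed values.

```python
import struct
from ipaddress import IPv4Address as IP

OSPF_PROTO = 89                             # IP protocol number of OSPF
OSPF_GROUPS = {"224.0.0.5", "224.0.0.6"}    # AllSPFRouters, AllDRouters
OSPF_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}

def inet_checksum(data):
    """16-bit one's-complement checksum used by IPv4 and OSPFv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect_ospf(packet):
    """Summarise one raw IPv4 packet (bytes) captured next to the bridge."""
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    if proto != OSPF_PROTO:
        return {"ospf": False, "proto": proto}
    ospf = packet[ihl:]
    version, ptype, length = struct.unpack("!BBH", ospf[:4])
    autype = struct.unpack("!H", ospf[14:16])[0]
    # The checksum skips the 8-byte authentication field (offsets 16-23) and
    # sums to 0 on an intact packet; AuType 2 (cryptographic) carries none.
    covered = ospf[:16] + ospf[24:length]
    dst = str(IP(packet[16:20]))
    return {
        "ospf": True, "src": str(IP(packet[12:16])), "dst": dst, "ttl": ttl,
        "multicast": dst in OSPF_GROUPS,
        "type": OSPF_TYPES.get(ptype, "unknown"),
        "router_id": str(IP(ospf[4:8])),
        "length_ok": version == 2 and length == len(ospf),
        "checksum_ok": None if autype == 2 else inet_checksum(covered) == 0,
    }

def sample_hello():
    """Constructed Hello from 10.1.254.33 (router ID and mask are made up)."""
    src, dst = IP("10.1.254.33").packed, IP("224.0.0.5").packed
    body = struct.pack("!4sHBBI4s4s", IP("255.255.255.248").packed,
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    hdr = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), src, bytes(4), 0, 0, bytes(8))
    csum = struct.pack("!H", inet_checksum(hdr[:16] + body))
    ospf = hdr[:12] + csum + hdr[14:] + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(ospf), 0, 0,
                     1, OSPF_PROTO, 0, src, dst)  # IP checksum left at 0
    return ip + ospf
```

Running `inspect_ospf` on the same packet captured on the firewall side and on the switch side shows which field, if any, differs: a changed `ttl`, a false `checksum_ok` or a false `length_ok` points at the device in between.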

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    I don't understand how it worked. That is not sarcastic (my usual mode).

    The quick swipe with Google showed me that Open Shortest Path First (OSPF) is used in a single Autonomous System (AS) instead of RIP. Having a router inside of a router (firewall) doing NAT is legal but ?

    And OSPF is supposed to get through NAT?

    I don't know enough about this to ask the right questions.

    Last edited by Jim.Alles; 11-08-2013 at 06:12 PM. Reason: actually reading a wikipedia article.
    If you think I got Grumpy

  8. #8
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    How many ports are used on the Catalyst switch? What other function does it serve?
    If you think I got Grumpy

  9. #9
    Untanglit
    Join Date
    May 2011
    Posts
    15

    Quote, originally posted by Jim.Alles:
    > How many ports are used on the Catalyst switch? What other function does it serve?

    The Catalyst switch is set up with two VLANs. One VLAN is set up for 10.1.1.0 and has all of the equipment at the site, i.e. servers, back tape drive, etc. Second VLAN had two things plugged into it on two specific ports. One port has the router. Second port has the Untangle hooked up. If I run a network cable from the Untangle directly to the firewall, OSPF works. Run the cable from the Catalyst to the Untangle box, Untangle to firewall, OSPF fails.

  10. #10
    Untanglit
    Join Date
    May 2011
    Posts
    15

    Quote, originally posted by Jim.Alles:
    > I don't understand how it worked. That is not sarcastic (my usual mode).
    >
    > The quick swipe with Google showed me that Open Shortest Path First (OSPF) is used in a single Autonomous System (AS) instead of RIP. Having a router inside of a router (firewall) doing NAT is legal but ?
    >
    > And OSPF is supposed to get through NAT?
    >
    > I don't know enough about this to ask the right questions.

    I'm going to post an email I sent to someone who set up our original Untangle box over 7 years ago.... And you will see why we need OSPF. And our old Untangle box worked just fine passing OSPF until 10/21/2013. Absolutely nothing changed on our network... It was a Sunday afternoon when it quit working...
