Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Untangler
    Join Date
    Jun 2008
    Posts
    60

    Question Route Statements Not Working

    I'm currently running Untangle 9.4 and I've been using Untangle for 6+ years now with no major issues. Now I'm looking to make the jump to 11.1 but have run into a snag trying to get it put into production. I have basically duplicated the settings of the existing server to make the transition as smooth as possible but it seems my static routes aren't working properly in the new box like they do in the old box. Here are screenshots of my old server and new server for comparison. Am I missing something or not setting them up properly?

    My network setup is like this: PC's-->Core Switch-->Untangle Bridge-->Cisco ASA. The PC's attached to the switch(es) are on differing subnets and only one of the six subnets can reach the web when the new 11.1 server is running - the others cannot.

    The PC's that can access the web are on subnet 10.168.100.0/22. The PC's that cannot are listed within the static routes. They all work great using the existing Untangle server but not with the new server. I'm left scratching my head.

    Untangle_9.4.PNG

    Untangle_11.1.PNG

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I would do these steps.

    http://wiki.untangle.com/index.php/I..._Other_Subnets
    Aliases are probably easier but roues will work.

    test with ping.
    If Untangle can't ping them, then the routes are not correct.

    My guess would be that they aren't local on eth0 because thats your external and they're likely on your internal.
    soccerextreme likes this.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Jun 2008
    Posts
    60

    Default

    Thanks @dmorris I'll check out the link here this afternoon. I am a bit confused because my existing Untangle box has the routes bridged to eth0 (External/WAN) which is why I did the same with the new box - or am I reading/understanding this incorrectly?

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,738

    Default

    Eth0 might not be the same Interface on the 11.1 box. Check Config -> Network -> Interface for the current mapping.
    soccerextreme likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Jun 2008
    Posts
    60

    Default

    Thanks for the reply @jcoffin. They are definitely the same interface.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,738

    Default

    Dmorris gave the best method of debugging this issue.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangler
    Join Date
    Jun 2008
    Posts
    60

    Default

    Okay, so I think I'm getting my head wrapped around this. Based on this statement from the documentation that @dmorris provided (thanks again for it) the route statement needs to have its next hop configured for the Ethernet card that is attached to the router with the matching routing table. It's actually my ASA (WAN side) that has the route statements for these five networks so that's why these route statement on the existing Untangle server are currently configured using the External interface (or in other words eth0).

    Documentation:
    If you have other subnets on the network aside from those configured in the Setup Wizard you will need to configure Untangle to know about these networks. For example, if you are running as a bridge with Untangle having an address 192.168.1.2 with a netmask 255.255.255.0 but you also have a 192.168.20.* network and also a 10.0.*.* network you will need to tell Untangle where to reach these hosts.

    1) Add a route in Config > Network > Routes telling Untangle how to reach those subnets. If 10.0.*.* is local on Internal then you simple need to create a 10.0.0.0/16 route to "Local on Internal." If 10.0.*.* lives behind another router on your network like 192.168.1.100 then you will need to add a route to send all 10.0.0.0/16 traffic to 192.168.1.100.


    I'm almost 100% positive that eth0 is the card that is connected to the ASA with the new Untangle server as well so I'm not sure why these route statements aren't working like they do on the old Untangle server. I've included screenshots of the two interface configuration settings of both the old and new servers just to confirm. The new box is currently disconnected until I can figure out why these routes aren't working so please disregard the disconnected state.

    I wonder why the static route statements don't work with the 11.1 server?

    old_box.PNG

    new_box.PNG
    Last edited by soccerextreme; 06-30-2015 at 03:43 PM.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Where do those host live? If they live off something plugged into eth1 you need to route to eth1 because thats where they are.

    If they are on the External interface then they aren't even behind Untangle and nothing you do in Untangle would effect them in anyway because they aren't behind Untangle.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangler
    Join Date
    Jun 2008
    Posts
    60

    Default

    Those hosts live physically behind the local side of the Untangle box along with their default gateway (e.g. 10.168.25.1). However, in order for those subnets to route to 10.168.100.x they have to talk to the Cisco ASA which is behind the external interface of the Untangle box. I think this is why my existing Untangle server has its static routes pointing out the external interface. If I change one of the routes to point out the internal interface then all my devices on that particular subnet (e.g. 10.168.25.x) go offline, and as soon as I point the route back out the external interface then the devices on that subnet come back online.

    With the new Untangle server the devices on the other subnets (e.g. 10.168.25.x) aren't ever able to see the Untangle box or get online no matter which direction I point the static routes. Not sure why this is the case when the static routes work fine on my old Untangle box.

    Does this make sense? I can draw a diagram if you think that would help.

  10. #10
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Untangle 9 is a different version. If you want to use 9, then use it.
    Otherwise, how it behaves is irrelevant and seems to be confusing you.

    I would configure it correctly and then figure out why it does not work. I would not just try settings and see which ones work.
    If those hosts live on Internal, setup a route to route their traffic out Internal. If they are offline, figure out why. Can they ping Untangle? If not, why not? where do the packets get lost?

    Here are some debugging steps:
    http://wiki.untangle.com/index.php/The_Internet_is_Down
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2