Netgate Discussion Forum

    Static routes vs. OSPF - OSPF not routing to internet

      5mall5nail5

      Hi all,

      I am working on a setup in my lab using VMware NSX and pfSense and OSPF. I have the routes propagating around within the NSX environment and up to pfSense. I can access the NSX environment (10.250.250.0/24, 10.251.251.0/24, and 10.252.252.0/24) from my main network (192.168.50.0/24) with OSPF enabled; however, 10.252.252.0/24 VMs cannot get out to the internet. Traceroute shows the hops, but it's like there's no route back, etc.:


      Results in:

      TestTraceRoute:~$ traceroute 8.8.8.8
      traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
      1 10.252.252.1 (10.251.251.1) 0.237 ms 0.142 ms 1002.258 ms
      2 10.250.250.1 (10.250.250.1) 0.166 ms 0.191 ms 0.185 ms
      3 192.168.250.1 (192.168.250.1) 0.616 ms 0.618 ms 0.598 ms
      4 * * *
      5 * * *
      6 * * *
      7 * * *
      8 * * *...

      Some people have mentioned that there may need to be a source NAT or something. I admit routing is not my forte. If I create static routes on the pfSense firewall for the NSX networks, then everything works as expected:


      So, in short, is there something that is getting created on pfSense when doing static routes that is not there when using OSPF? I am using Quagga, and the routes for the 10.250.250.0/24, 10.251.251.0/24, and 10.252.252.0/24 networks did make their way to the pfSense and I could reach them from internet networks but they could not reach out to the internet. No ACLs are in place anywhere in the path so that I can get communication working first (any:any rules everywhere and firewalls disabled where possible). So changing JUST static routes fixes the issue... but I want OSPF to handle this obviously.

      Thanks for the help!

        5mall5nail5

        Wanted to provide an update to my own thread - after doing research it seems that OSPF will not create an automatic source/outbound NAT. So, it would seem that the "fix" would be to create automatic outbound NAT AND manual (hybrid mode), but this kind of defeats the whole point of OSPF. I could do a summary NAT, but then still, the benefit of OSPF would not be fully realized. Hrm.

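An added example (not part of the original thread, and not pfSense code): a Python check that models the behaviour the poster describes, where outbound NAT sources are generated only for connected and static-route networks, so OSPF-learned prefixes stay untranslated until a manual rule covers them. The route list, the origin labels, the /24 on 192.168.250.0 and all function names are assumptions constructed for illustration; `summary()` computes the smallest single prefix for the "summary NAT" idea.

```python
import ipaddress

# Constructed sample routing table built from the networks named in the thread.
# The origin labels and the /24 on the 192.168.250.x transit are assumptions.
ROUTES = [
    ("192.168.50.0/24", "connected"),
    ("192.168.250.0/24", "connected"),
    ("10.250.250.0/24", "ospf"),
    ("10.251.251.0/24", "ospf"),
    ("10.252.252.0/24", "ospf"),
]

def nat_sources(routes, manual=()):
    """Networks that get outbound NAT: connected/static prefixes plus manual rules."""
    auto = [ipaddress.ip_network(p) for p, origin in routes
            if origin in ("connected", "static")]
    return auto + [ipaddress.ip_network(m) for m in manual]

def uncovered(routes, manual=()):
    """Routed prefixes that no outbound NAT source network contains."""
    sources = nat_sources(routes, manual)
    return [p for p, _ in routes
            if not any(ipaddress.ip_network(p).subnet_of(s) for s in sources)]

def summary(prefixes):
    """Smallest single IPv4 prefix that contains every given network."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32 - (lo ^ hi).bit_length()   # length of the shared leading bits
    base = lo >> (32 - plen) << (32 - plen)
    return ipaddress.ip_network((base, plen))

if __name__ == "__main__":
    ospf = [p for p, origin in ROUTES if origin == "ospf"]
    print("no outbound NAT:", uncovered(ROUTES))
    agg = summary(ospf)
    print("summary prefix:", agg, "(%d addresses)" % agg.num_addresses)
    print("after manual summary rule:", uncovered(ROUTES, manual=[str(agg)]))
    # A narrower guess at a summary still misses one of the three networks.
    print("with 10.250.0.0/15 only:", uncovered(ROUTES, manual=["10.250.0.0/15"]))
```

The single prefix that covers all three NSX networks is much wider than three /24s, so a manual rule built on it also translates any other source in that range that reaches the firewall.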
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.