VIP Issues and Static Route, pfSense 2.3.4
-
Dears, good morning.
I have the following scenario:
WAN1 = 192.168.100.1/28 (Public IP) (Tier 1)
WAN2 = 192.168.200.1/28 (Public IP) (Tier 1)
LAN = 172.16.0.0/23
MPLS Side A = 10.10.0.1/24 (IP Internal Matrix)
MPLS Side B = 10.200.100.1/24 (IP Internal Branch)
It is as follows, I configured 3 network cards in the machine:
Board 1 = WAN1
Board 2 = WAN2
Board 3 = LAN
All running normally with Squid Transparent, NAT and everything else that's right besides being with the standard firewall rules.
So I came up with the following problem, how to connect the internal network to MPLS?
I did the following (I used this scenario in a CentOS 6.9):
1º - I created a Virtual IP (IP Alias) with IP 10.10.0.2/24 exiting on the board 1 (Since WANs and MPLS are in the same Switch).
2º - I created a new Gateway, with IP 10.10.0.1/24 (Also exiting on card 1).
3º - I created a static route for the 10.200.100.0/24 network, with the gateway 10.10.0.1/24.
And it did not work.
I gave full permission on the firewall on all network cards.
Remembering that in CentOS I did not need to create a gateway; I only configured the Virtual Interface and configured the route.
My palliative solution was as follows:
I removed the settings from Card 2 and placed the MPLS configuration. But I do not have the redundancy of links and I did not want to have to add another network card because there is more space.
Regards,
Rodrigo Prazim
-
Here is the route table:
| Internet: |
| Destination | Gateway | Flags | Netif |
| default | 192.168.100.1 | UGS | re0 |
| 10.8.0.0/28 | 10.8.0.2 | UGS | ovpns1 |
| 10.8.0.1 | link#8 | UHS | lo0 |
| 10.8.0.2 | link#8 | UH | ovpns1 |
| 10.200.100.0 | 10.10.0.1 | UGS | re0 |
| 10.10.0.0 | link#1 | U | re0 |
| 10.10.0.1 | link#1 | UHS | lo0 |
| localhost | link#7 | UH | lo0 |
| 172.16.0.0/23 | link#3 | U | bge0 |
| seth-proxy-server- | link#3 | UHS | lo0 |
| 192.168.100.0/28 | link#1 | U | re0 |
| 192.168.100.1 | link#1 | UHS | lo0 |
| 192.168.200.0/28 | link#2 | U | re1 |
| 192.168.200.1 | link#2 | UHS | lo0 |
The command:
$ traceroute 10.200.100.100 # Does not get you anywhere.
Whereas the command:
$ traceroute -g 10.10.0.1 10.200.100.100 # It works
I believe the route is not working properly for VIP Alias
-
| $ route get 10.200.100.0 |
| route to: 10.10.100.0 |
| destination: 10.200.100.0 |
| mask: 255.255.255.0 |
| gateway: 10.10.0.1 |
| fib: 0 |
| interface: re0 |
| flags: <UP,GATEWAY,DONE,STATIC> |
| recvpipe | sendpipe | ssthresh | rtt,msec | mtu | weight | expire |
| 0 | 0 | 0 | 0 | 1500 | 1 | 0 |
| $ route get 10.200.100.100 |
| route to: 10.200.100.100 |
| destination: 10.10.100.0 |
| mask: 255.255.255.0 |
| gateway: 10.10.0.1 |
| fib: 0 |
| interface: re0 |
| flags: <UP,GATEWAY,DONE,STATIC> |
| recvpipe | sendpipe | ssthresh | rtt,msec | mtu | weight | expire |
| 0 | 0 | 0 | 0 | 1500 | 1 | 0 |
Regards,
Rodrigo Prazim