Static Routes being ignored?
-
Hey guys.. first time on the forum here…
I guess I am doing something pretty stupid somewhere, but I just can't figure out what. Maybe someone here can help me understand.
I have this scenario where I must connect to a few private networks, each one on its own subnet.
My problem now is outbound related, so I won't bother about inbound now.
What is expected:
From networks 192.168.0.0/24 and 192.168.5.0/24 reach every other network (ping, http, ssh, etc…).
What is happening:
Where the problem seems to be:
P5 - Main Router
So, given this scenario, here are a few configuration screens from P5:
Routes
Firewall Rules
Rede0 = 192.168.0.0/24
Rede5 = 192.168.5.0/24
Rede10 = 192.168.10.0/24
Besides that, this is what I got in the console from: netstat -rn -f inet
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.10.1 UGS 0 1941419 em0
10.0.0.0/8 192.168.10.11 UGS 0 173 em0
125.255.24.14/32 192.168.10.11 UGS 0 0 em0
127.0.0.1 link#7 UH 0 200 lo0
172.22.44.55/32 192.168.10.10 UGS 0 6 em0
172.30.250.132/30 192.168.10.10 UGS 0 10 em0
189.23.87.97/32 192.168.10.11 UGS 0 0 em0
192.168.0.0/24 link#3 U 0 1795277 em2
192.168.0.1 link#3 UHS 0 0 lo0
192.168.1.0/24 192.168.0.7 UGS 0 119281634 em2
192.168.5.0/24 link#2 U 0 75373930 em1
192.168.5.1 link#2 UHS 0 0 lo0
192.168.10.0/24 link#1 U 0 217762 em0
192.168.10.7 link#1 UHS 0 0 lo0
Some tests on P5 console:
TRACEROUTE - CORRECT
traceroute to 8.8.8.8 (8.8.8.8), 1 hops max, 52 byte packets
1 192.168.10.1 (192.168.10.1) 0.661 ms 0.360 ms 0.443 ms
TRACEROUTE - WRONG!!!
traceroute to 172.30.250.133 (172.30.250.133), 1 hops max, 52 byte packets
1 192.168.10.1 (192.168.10.1) 1.073 ms 0.749 ms 1.080 ms
traceroute to 10.0.0.1 (10.0.0.1), 1 hops max, 52 byte packets
1 192.168.10.1 (192.168.10.1) 0.442 ms 0.318 ms 0.449 ms
Pinging gateways..
PING 192.168.10.10 (192.168.10.10): 56 data bytes
64 bytes from 192.168.10.10: icmp_seq=0 ttl=64 time=1.255 ms
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.879 ms
^C
--- 192.168.10.10 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.879/1.067/1.255/0.188 ms
PING 192.168.10.11 (192.168.10.11): 56 data bytes
64 bytes from 192.168.10.11: icmp_seq=0 ttl=64 time=1.306 ms
64 bytes from 192.168.10.11: icmp_seq=1 ttl=64 time=0.909 ms
^C
--- 192.168.10.11 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.909/1.107/1.306/0.199 ms
-
I added floating rules to do this, and it worked. My problem is solved and that's how it is going to be…
BUT:
Shouldn't it have worked the previous way?
-
Hi all.
I am new to pfs. I am trying to block all ports and only allow the necessary ports that I need on our network, such as port 80, 443, pop3, smtp etc. It's about the rule under Firewall. How does the sequence work with the floating rules? Is it reading from top to bottom or bottom to top? Please help.
rikki