4. Route to a second gateway

Route to a second gateway

  • S

    Hello,

    I'm actually testing PFsense to replace IPcop and it seems to be great but a have a problem…

    My network os actually like this :

    • 1 IPcop gateway (that I would like to replace by PFsense) (192.168.2.253)

    • 1 Debian gateway (192.168.2.254)

    • The gateway of the users is the IPcop machine (192.168.2.253)

    • Users are on the network 192.168.2.0/24

    • There is one route on IPcop that redirect to the Debian gateway (192.168.2.254) packets sended to my second network (192.168.1.0/24)

    Actually, it works fine and if I use traceroute on a machine from my network (192.168.2.0/24) to a machine from my second network (192.168.2.0/24) I've got something like this :

    1 * 192.168.2.253
    2 * 192.168.2.254
    3 * ..........
    4 * 192.168.1.10

    After that, a route is automaticaly added on the machine I used to do the traceroute (I can see it with "route print" command) and if I use se same command a second time I've got this :

    1 * 192.168.2.254
    2 * ..........
    3 * 192.168.1.10

    My problem is the fact that with PFsense the route is not added automaticaly on the client machine and the packets must pass throught 192.168.2.253 each time. This is not good because the connection between my two networks become slow.

    Is someone know how to correct this ? This problem is the last point for me to resolve before replacing IPcop by PFsense.

    Thank you.

    0
  • C

    The route comes from ICMP redirect. To enable sending of ICMP redirects:

    Go to Diagnostics -> Edit File

    Load /etc/sysctl.conf

    Find the net.inet.ip.redirect=0 line and change the 0 to 1, so the line reads:
    net.inet.ip.redirect=1

    Save the file and reboot.

    0
  • B

    @cmb:

    The route comes from ICMP redirect. To enable sending of ICMP redirects:

    Go to Diagnostics -> Edit File

    Load /etc/sysctl.conf

    Find the net.inet.ip.redirect=0 line and change the 0 to 1, so the line reads:
    net.inet.ip.redirect=1

    Save the file and reboot.

    I'm not sure if this is the right place for this, but could you post some more information about ICMP redirects, and where you would or would not want to use them? It seems really interesting to me. I never knew this was possible. There was a time a while ago where I wanted to do exactly this but now I can't remember why. Thanks!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy