Route to a second gateway
-
Hello,
I'm actually testing PFsense to replace IPcop and it seems to be great but a have a problem…
My network os actually like this :
-
1 IPcop gateway (that I would like to replace by PFsense) (192.168.2.253)
-
1 Debian gateway (192.168.2.254)
-
The gateway of the users is the IPcop machine (192.168.2.253)
-
Users are on the network 192.168.2.0/24
-
There is one route on IPcop that redirect to the Debian gateway (192.168.2.254) packets sended to my second network (192.168.1.0/24)
Actually, it works fine and if I use traceroute on a machine from my network (192.168.2.0/24) to a machine from my second network (192.168.2.0/24) I've got something like this :
1 * 192.168.2.253
2 * 192.168.2.254
3 * ..........
4 * 192.168.1.10After that, a route is automaticaly added on the machine I used to do the traceroute (I can see it with "route print" command) and if I use se same command a second time I've got this :
1 * 192.168.2.254
2 * ..........
3 * 192.168.1.10My problem is the fact that with PFsense the route is not added automaticaly on the client machine and the packets must pass throught 192.168.2.253 each time. This is not good because the connection between my two networks become slow.
Is someone know how to correct this ? This problem is the last point for me to resolve before replacing IPcop by PFsense.
Thank you.
-
-
The route comes from ICMP redirect. To enable sending of ICMP redirects:
Go to Diagnostics -> Edit File
Load /etc/sysctl.conf
Find the net.inet.ip.redirect=0 line and change the 0 to 1, so the line reads:
net.inet.ip.redirect=1Save the file and reboot.
-
@cmb:
The route comes from ICMP redirect. To enable sending of ICMP redirects:
Go to Diagnostics -> Edit File
Load /etc/sysctl.conf
Find the net.inet.ip.redirect=0 line and change the 0 to 1, so the line reads:
net.inet.ip.redirect=1Save the file and reboot.
I'm not sure if this is the right place for this, but could you post some more information about ICMP redirects, and where you would or would not want to use them? It seems really interesting to me. I never knew this was possible. There was a time a while ago where I wanted to do exactly this but now I can't remember why. Thanks!