Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[cariparo]

Hi All,
I'm in trouble when adding an IP Alias to DFL-800 LAN interface. Here the procedure:

Current LAN: 10.10.3.1/24
New LAN: 10.0.0.1/23

Create New IP Address for 10.0.0.1        (lan_new_ip)
Create New IP Address for 10.0.0.0/23   (lan_new_net)

Interfaces -> ARP -> Add
Mode: Publish
Interface: Lan
IP Address: lan_new_ip
MAC: 00-00-00-00-00-00

Rules -> IP Rules -> Add (on top of the list)
Action: Allow
Service: Ping Inbound

Source
Interface: Lan
Network: lan_new_net
Destination
Interface: core
Network: lan_new_ip

Save&Activate

But I can't ping 10.0.0.1 from 10.0.0.55 (10.10 and 10.0 are both on same cable in the phisical lan port 1)

Does anyone please tell ma what is wrong?


Thanks
-Carip

[Fatman]

Did you add a route for lan_new_net on the LAN interface, metric 100, no gw?
Did you add a route for lan_new_ip on the core interface, metric 0, no gw?

[cariparo]

Perfect, it works fine!

 

Keep up your great work,
-Carip.

[enriquev]

Hello, I am in almost the same situation;

I have the same setup as the OP, after adding routes I can ping 10.0.0.1 from 10.0.0.55 but contrarly to my other lan, 10.0.0.0/23 cannot access the web, I am missing any other routes?

I have added the needed rules for the connections as the firewall doesnt pick anything up anymore...

[Fatman]

If both your firewall and your network(s) have routes for all valid endpoints then routes are not the problem, rules are.  I strongly suspect rules are going to be the issue here, double and triple check them.

For cases like this I like to group all valid LAN networks together in one object and use that instead of LAN_Net for all my IP Rules.

[enriquev]

There doesnt seem to be anything on my syslog server...

Here is my full setup:
wan1 ip (207.XXX.XXX.108)
wan1 net (207.XXX.XXX.64/26)
wan1 gw (207.XXX.XXX.65)

lan1 ip (207.XXX.XXX.108)
lan1 net (207.XXX.XXX.64/26)
wan1 gw (207.XXX.XXX.65)

Most of my clients get following addresses:
IP: 207.XXX.XXX.91
maks : 255.255.255.192
Gateway: 207.XXX.XXX.65

Now I want to Nat some of these but not all of them.
I added,
ARP:
Publish - lan -  NAT-FW-2(192.168.66.1) - (00:00:12:12:12:AA)

Routes:
core - NAT-FW-2(192.168.66.1)  - (Metric 0) - No GateWay - No IP
lan  - nat-lan-2(192.168.66.0/24) - (Metric 100) - No GateWay - No IP

On a pc I set:
IP : 192.168.66.66
mask : 255.255.255.0
Gateway : 192.168.66.1

Ping to 192.168.66.1 works.

Now I try and ping 4.2.2.2
In syslog I see:

Local0.Warning   207.XX.XX.108   [2010-02-11 14:12:36] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=lan srcip=192.168.66.66 destip=4.2.2.2 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=512 echoseq=4413

Then I go to my rules, and I add this as my top most:
Action - Allow
SourceIF - lan
Sourcenetwork - nat-lan-2(192.168.66.0/24)
DestinationIF - wan1
DestinationNetwork - all-nets
Service - all_icmp

Now nothing shows up in my syslog, but ping doesnt work.
I also tried the rule with Action - NAT and Action FastForward, but no difference...

Now im stuck...

[Fatman]

You are routing the same network to multiple interfaces, that is not going to work.

[enriquev]

Hello,

I have changed to the following:
lan1 ip (192.168.55.1)
lan1 net (192.168.55.0/24)

Then on a client pc i do:
ip: 192.168.55.55
msk: 255.255.255.0
gw: 192.168.55.1

ping 4.2.2.2 works :-)

but from the same pc I do :
ip: 192.168.66.66
msk: 255.255.255.0
gw: 192.168.66.1

ping 4.2.2.2 doesnt work :-( nothing on syslog...

please help... 

[enriquev]

Ok I have found my problem,

it was my ARP entry, it doesn't work if I specify a MAC.

It really took me alot of time to find out 

hope it help someone.