OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: Georges on July 20, 2021, 12:04:36 pm
-
Hello,
I have multiple gateways and routes.
I'm starting to get lost about how the gateway behavior works.
I'm using the Business edition btw.
For now I have 3 gateways (I changed the IPs, don't worry)
WAN_GW (active) WAN IPv4 253 192.168.0.1
AdminGW ADMIN IPv4 254 192.168.2.2
FW_OUT ADMIN IPv4 255 192.168.2.1
And some routes
192.168.3.0/24 AdminGW - 192.168.2.2
192.168.4.0/24 FW_OUT - 192.168.2.1
0.0.0.0/0 WAN_GW - 192.168.0.1
192.168.5.0/24 AdminGW - 192.168.2.2
192.168.6.0/24 AdminGW - 192.168.2.2
192.168.7.0/24 FW_OUT - 192.168.2.1
I would like to know if my priority is good and if I need the 0.0.0.0/0 in the route.
For now, without this route I can't reach the internet.
Any advice?
Some questions:
- How do I need to configure a basic gateway to match a specific route (priority? same as the default? activate the gateway or not?)
-
Lower priority = higher number or higher priority = lower number
EX: Priority 10 is more preferred than priority 250, so priority 10 routes will usually be chosen first.
Your FW definitely must have the 0.0.0.0/0 Default Gateway (Gateway of Last Resort) configured if trying to reach devices on the Internet. The only way to overcome the 0.0.0.0/0 route is to specifically list out each and every Internet address - You should be able to clearly see this is not possible.
System, Routes, Configuration, +,
Network Address: Normally your Internal TRUSTED known network addresses
Gateway: LAN-(the ip interface address of your internal Trusted router - not any IP address on your fw)
Description: Internal LAN NETs
System, Gateways, Single, +Add,
Name: DEFAULT - (note: you cannot modify after saving so pick a good name)
Description: Gateway of Last Resort
Interface: WAN
Address Family: IPv4
IP Address: Normally the IP Address of your ISP
Upstream Gateway: Select this box if you want this to be your DEFAULT Gateway (Gateway of Last Resort) (If this is a router on your Internal TRUSTED LAN network for example, do not select this box).
Far Gateway: Probably not needed but documentation fails to clarify, I'd skip and leave empty.
Disable Gateway Monitoring: Checking this box will monitor the IP address you entered into the "Upstream Gateway" and shown on the dashboard if you ADD Widget: Gateways.
Priority: I set this to a number that will allow future changes, e.g. 10. Priority 10 allows 9 other choices to be selected before this one. Think future migrations.
Save.
Hope this helps, if not ask again!
Frank
-
.... BTW,
System, Routes, Status:
Proto Destination Gateway
ipv4 default ISP IP address
Notice you do not see 0.0.0.0/0 nor 0/0 under the heading "Destination".
Default = 0.0.0.0/0 = 0/0 = Default Gateway = Gateway of Last Resort ---- all mean the same thing, which is: if you are trying to reach a network not listed in the routing table, the routing table will send the packet to the IP address listed in the "default" line.
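
How the routing table described above picks a next hop, as an added example that is not part of the original posts: a longest-prefix-match lookup over the static routes listed in the first post, run with and without the 0.0.0.0/0 entry. Function names are hypothetical, 203.0.113.10 is a constructed Internet destination, and directly connected interface networks are not modelled.

```python
import ipaddress

# Static routes as listed in the first post (the poster altered the addresses).
ROUTES = [
    ("192.168.3.0/24", "AdminGW", "192.168.2.2"),
    ("192.168.4.0/24", "FW_OUT", "192.168.2.1"),
    ("0.0.0.0/0", "WAN_GW", "192.168.0.1"),
    ("192.168.5.0/24", "AdminGW", "192.168.2.2"),
    ("192.168.6.0/24", "AdminGW", "192.168.2.2"),
    ("192.168.7.0/24", "FW_OUT", "192.168.2.1"),
]

def build_table(routes):
    """Parse each route once; strict=True rejects prefixes with host bits set."""
    return [(ipaddress.ip_network(cidr, strict=True), name, ipaddress.ip_address(gw))
            for cidr, name, gw in routes]

def lookup(table, destination):
    """Return (prefix, gateway name, next hop) for the longest matching prefix, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if r[0].version == dst.version and dst in r[0]]
    if not matches:
        return None  # no route: the packet cannot be forwarded
    net, name, gw = max(matches, key=lambda r: r[0].prefixlen)
    return (str(net), name, str(gw))

def unreachable(table, destinations):
    """List the destinations for which the table has no route at all."""
    return [d for d in destinations if lookup(table, d) is None]

TABLE = build_table(ROUTES)
# Same table with the default route removed, to show what is lost.
NO_DEFAULT = build_table([r for r in ROUTES if r[0] != "0.0.0.0/0"])

if __name__ == "__main__":
    # Constructed sample destinations: two internal hosts and one Internet host.
    for dst in ("192.168.3.10", "192.168.7.200", "203.0.113.10"):
        print(dst, "with default:", lookup(TABLE, dst),
              "| without default:", lookup(NO_DEFAULT, dst))
```

The /24 routes win over 0.0.0.0/0 for internal destinations because they are more specific, regardless of the order in which the routes were entered.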
-
One more note:
If you have Internal networks - other than the FW LAN network - you have to set up a Gateway for the LAN interfaces and then add routes. Remember, you have to have another routing device to route your traffic to reach your other internal networks.
System, Gateways, Single, +Add,
Name: INTERNAL_GATEWAY - (note: you cannot modify after saving so pick a good name)
Description: Internal TRUSTED NETWORKS
Interface: LAN
Address Family: IPv4
IP Address: Normally the IP interface address of your other Internal router (not this FW)
Upstream Gateway: Do not select this box for Internal networks
Far Gateway: Leave empty
Disable Gateway Monitoring: If desired
Priority: I set this to a number that will allow future changes, e.g. 110. Priority 110 allows 109 other choices to be selected before this one. Think future migrations and network changes.
Save.
Now go to System, Routes, Configuration, +
Network Address: Ex 192.168.0.0/16 or 192.168.23.0/24 or 10.0.1.0/25 etc.
Gateway: Drop down Arrow and select LAN (created above)
Description: That guy Frank helped me!! :)
Good luck
Frank
-
Ok thank you :)