OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: Georges on July 20, 2021, 12:04:36 pm

Title: Gateway - multiple gateway and route
Post by: Georges on July 20, 2021, 12:04:36 pm
Hello,

I have multiple gateways and routes.
I'm starting to get lost on how the gateway behavior works.
I'm using the Business edition btw.
For now I have 3 gateways (I changed the IPs, don't worry):
WAN_GW (active)    WAN    IPv4    253    192.168.0.1
AdminGW    ADMIN    IPv4    254    192.168.2.2    
FW_OUT    ADMIN    IPv4    255    192.168.2.1

And some routes
   192.168.3.0/24   AdminGW - 192.168.2.2   
   192.168.4.0/24   FW_OUT - 192.168.2.1      
   0.0.0.0/0   WAN_GW - 192.168.0.1       
   192.168.5.0/24   AdminGW - 192.168.2.2      
   192.168.6.0/24   AdminGW - 192.168.2.2   
   192.168.7.0/24   FW_OUT - 192.168.2.1

I would like to know if my priority is good and if I need the 0.0.0.0/0 in the route.
For now, without this route I can't reach the internet.

Any advice?

Some questions :
- How do I need to configure a basic gateway to match a specific route (priority? same as the default? activate the gateway or not?)
   
Title: Re: Gateway - multiple gateway and route
Post by: fsebera on July 22, 2021, 08:23:04 pm
Lower priority = higher number or higher priority = lower number
EX: Priority 10 is more preferred than priority 250, so priority 10 routes will usually be chosen first.

Your FW definitely must have the 0.0.0.0/0 Default Gateway (Gateway of Last Resort) configured if trying to reach devices on the Internet. The only way to overcome the 0.0.0.0/0 route is to specifically list out each and every Internet address - you should be able to clearly see this is not possible.

System, Routes, Configuration, +,
Network Address: Normally your Internal TRUSTED known network addresses
Gateway:  LAN - (the IP interface address of your internal Trusted router - not any IP address on your FW)
Description: Internal LAN NETs



System, Gateways, Single, +Add,
Name:        DEFAULT - (note: you cannot modify after saving so pick a good name)
Description: Gateway of Last Resort
Interface:  WAN
Address Family:  IPv4
IP Address:  Normally the IP Address of your ISP
Upstream Gateway: Select this box if you want this to be your DEFAULT Gateway (Gateway of Last Resort) (If this is a router on your Internal TRUSTED LAN network for example, do not select this box).
Far Gateway: Probably not needed but documentation fails to clarify, I'd skip and leave empty.
Disable Gateway Monitoring: Checking this box will monitor the IP address you entered into the "Upstream Gateway" and shown on the dashboard if you ADD Widget: Gateways.
Priority:   I set this to a number that will allow future changes, Eg. 10, Priority 10 allows 9 other choices to be selected before this one. Think future migrations.
save.


Hope this helps, if not ask again!
Frank
Title: Re: Gateway - multiple gateway and route
Post by: fsebera on July 22, 2021, 08:48:40 pm
.... BTW,

System, Routes, Status:

Proto   Destination   Gateway
ipv4    default          ISP IP address

Notice you do not see 0.0.0.0/0 nor 0/0 under the heading "Destination".

Default = 0.0.0.0/0 = 0/0 = Default Gateway = Gateway of Last Resort ---- all mean the same thing which is if you are trying to reach a network not listed in the routing table, the routing table will send the packet to the IP address listed in the "default" line.
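
Added example (not part of the forum posts): a longest-prefix-match lookup over the static routes listed in the first post, showing that the default route is used only when no more specific prefix matches, and that destinations outside the listed networks have no route once 0.0.0.0/0 is removed. It models only those static routes, not the firewall's directly connected networks; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Static routes as listed in the first post (addresses already altered by the poster).
ROUTES = [
    ("192.168.3.0/24", "AdminGW", "192.168.2.2"),
    ("192.168.4.0/24", "FW_OUT", "192.168.2.1"),
    ("0.0.0.0/0", "WAN_GW", "192.168.0.1"),
    ("192.168.5.0/24", "AdminGW", "192.168.2.2"),
    ("192.168.6.0/24", "AdminGW", "192.168.2.2"),
    ("192.168.7.0/24", "FW_OUT", "192.168.2.1"),
]


def build_table(routes):
    """Parse (prefix, gateway name, next hop) tuples into network objects."""
    return [(ipaddress.ip_network(p), name, ipaddress.ip_address(hop))
            for p, name, hop in routes]


def lookup(table, destination):
    """Return (gateway name, next hop, matched prefix) by longest-prefix match,
    or None when no route covers the destination."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r[0]]
    if not matches:
        return None
    net, name, hop = max(matches, key=lambda r: r[0].prefixlen)
    return name, str(hop), str(net)


def audit(table, destinations):
    """Map each destination to its lookup result so gaps are easy to spot."""
    return {d: lookup(table, d) for d in destinations}


if __name__ == "__main__":
    full = build_table(ROUTES)
    no_default = build_table([r for r in ROUTES if r[0] != "0.0.0.0/0"])
    # Constructed sample destinations: two internal hosts and one public address.
    samples = ["192.168.3.10", "192.168.7.25", "203.0.113.9"]
    for label, table in (("with default", full), ("without default", no_default)):
        print(label)
        for dst, result in audit(table, samples).items():
            print(f"  {dst:15} -> {result if result else 'no route to host'}")
```
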
Title: Re: Gateway - multiple gateway and route
Post by: fsebera on July 22, 2021, 09:16:12 pm
One more note:

If you have Internal networks - other than the FW LAN network - you have to set up a Gateway for the LAN interfaces and then add routes. Remember, you have to have another routing device to route your traffic to reach your other internal networks.

System, Gateways, Single, +Add,

Name:  INTERNAL_GATEWAY - (note: you cannot modify after saving so pick a good name)

Description: Internal TRUSTED NETWORKS

Interface:  LAN

Address Family:  IPv4

IP Address:  Normally the IP interface address of your other Internal router (not this FW)

Upstream Gateway: Do not select this box for Internal networks

Far Gateway: Leave empty

Disable Gateway Monitoring: If desired

Priority:   I set this to a number that will allow future changes, Eg. 110, Priority 110 allows 109 other choices to be selected before this one. Think future migrations and network changes

Save.

Now go to System, Routes, Configuration, +

Network Address: Ex 192.168.0.0/16 or 192.168.23.0/24 or 10.0.1.0/25 etc.

Gateway: Drop down Arrow and select LAN (created above)

Description: That guy Frank helped me!! :)


Good luck
Frank
Title: Re: Gateway - multiple gateway and route
Post by: Georges on August 03, 2021, 11:11:33 am
Ok thank you :)