Routing problem from local interface

Hi,

I have a virtual UTM running on an ESXi server, two interfaces:

- ETH0, with a public IP 
- ETH1, with a local subnet 172.168.15.1



My problem is that I can't reach/ping anything on the WAN when I ping over the private interface (172.168.15.1):

PING 8.8.8.8 (8.8.8.8) from 172.168.15.1 eth1: 56(84) bytes of data.

From 172.168.15.1: icmp_seq=1 Destination Host Unreachable

From 172.168.15.1 icmp_seq=1 Destination Host Unreachable

From 172.168.15.1 icmp_seq=2 Destination Host Unreachable


I have another VMware guest in the private subnet with IP 172.168.15.100 with 172.168.15.1 (the private IP of the UTM) from where I can successfully route out.
I have set a Masquerading rule for that (Network: internal / Interface: public).

But I have no routing directly from 172.168.15.1.

This is my routes table:

default via 213.239.207.193 dev eth0  table 200  proto kernel onlink
default via 213.239.207.193 dev eth0  table default  proto kernel  metric 20 onlink
10.0.0.0/16 dev eth0  proto ipsec  scope link  src 172.168.15.1
10.242.2.0/24 dev tun0  proto kernel  scope link  src 10.242.2.1
127.0.0.0/8 dev lo  scope link
172.168.15.0/24 dev eth1  proto kernel  scope link  src 172.168.15.1
213.239.207.192/27 dev eth0  proto kernel  scope link  src 213.239.207.100
broadcast 10.242.2.0 dev tun0  table local  proto kernel  scope link  src 10.242.2.1
local 10.242.2.1 dev tun0  table local  proto kernel  scope host  src 10.242.2.1
broadcast 10.242.2.255 dev tun0  table local  proto kernel  scope link  src 10.242.2.1
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
broadcast 172.168.15.0 dev eth1  table local  proto kernel  scope link  src 172.168.15.1
local 172.168.15.1 dev eth1  table local  proto kernel  scope host  src 172.168.15.1
broadcast 172.168.15.255 dev eth1  table local  proto kernel  scope link  src 172.168.15.1
broadcast 213.239.207.192 dev eth0  table local  proto kernel  scope link  src 213.239.207.100
local 213.239.207.100 dev eth0  table local  proto kernel  scope host  src 213.239.207.100
broadcast 213.239.207.223 dev eth0  table local  proto kernel  scope link  src 213.239.207.100
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
local ::1 dev lo  table local  proto unspec  metric 0
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101


What am I missing?



  • Hi  

    When you initiate a PING from an interface in UTM 9, using ping -I eth1 8.8.8.8, UTM9 will try to send out the traffic from the eth1 interface. That is why you'll not be able to ping any Internet IPs using this on the LAN interface. You can also observe this using another SSH session and doing a tcpdump for the destination traffic or on the interface.

    This works fine as long as you try it on your different WAN interfaces to check the connectivity.

    Hope this helps.

    Regards

    Jaydeep
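The device-bound lookup described in the reply above, as an added example that is not part of the original posts: a simplified Python model of how Linux picks a route with and without an output interface constraint, fed with the unicast routes from the posted table. The names `ROUTES`, `field`, `parse_routes` and `lookup` are hypothetical, `ip rule` policy (not shown in the thread) is ignored, and the on-link fallback is general Linux behaviour assumed to apply to the UTM's kernel.

```python
import ipaddress

# Routes copied from the table posted above; table local/unspec entries are
# left out, and "ip rule" policy (not shown in the thread) is ignored.
ROUTES = """\
default via 213.239.207.193 dev eth0  table default  proto kernel  metric 20 onlink
10.0.0.0/16 dev eth0  proto ipsec  scope link  src 172.168.15.1
10.242.2.0/24 dev tun0  proto kernel  scope link  src 10.242.2.1
172.168.15.0/24 dev eth1  proto kernel  scope link  src 172.168.15.1
213.239.207.192/27 dev eth0  proto kernel  scope link  src 213.239.207.100
"""

def field(tok, key):
    """Return the value following a keyword such as 'dev' or 'via'."""
    return tok[tok.index(key) + 1] if key in tok else None

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        tok = line.split()
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append({"net": ipaddress.ip_network(prefix),
                       "dev": field(tok, "dev"), "via": field(tok, "via")})
    return routes

def lookup(dst, oif=None, routes=None):
    """Longest-prefix match; oif models a socket bound to a device (ping -I eth1)."""
    routes = routes if routes is not None else parse_routes(ROUTES)
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes
            if addr in r["net"] and (oif is None or r["dev"] == oif)]
    if hits:
        best = max(hits, key=lambda r: r["net"].prefixlen)
        return {"dev": best["dev"], "via": best["via"], "onlink_fallback": False}
    if oif is not None:
        # No route on the bound device: Linux then treats the destination as
        # on-link and ARPs for it on that device, which nothing answers here.
        return {"dev": oif, "via": None, "onlink_fallback": True}
    return None

if __name__ == "__main__":
    for dst, oif in [("8.8.8.8", None), ("8.8.8.8", "eth1"),
                     ("172.168.15.100", "eth1")]:
        print(dst, "oif=%s" % oif, "->", lookup(dst, oif))
```

The `eth1`-bound lookup for 8.8.8.8 finds no gateway and falls back to on-link delivery, which is consistent with the "Destination Host Unreachable" replies coming from 172.168.15.1 itself.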

  • Hi  

    Well, how can I fix this?

    What I am trying to do is to set up a VPN connection from my office to my branch where I can use the branch internet connection as a gateway to leave traffic from that tunnel out to the internet.

    VPN is up and working, but I am not able to make the traffic leave the remote private LAN.

    Not sure what I am missing: in the branch office I have some computers that are able to exit the LAN.

    Any idea what I have overlooked?
