I've got a slight problem with my RED setup. First, the works:
network 10.128.0.0/23 (yes, 23, no typo)

astaro
  10.128.0.1 (eth0)
  x.x.x.x (eth1 - WAN)
  y.y.y.y (eth2 - WAN)
  10.128.0.50 (br0 - bridge between eth3 and reds1)

reds1 (DHCP)
  - bridged to eth3
  - Split Network (10.128.0.0/23)
The clients get static IPs from the 10.128.0.0 network, so no DHCP needed there. The clients on the other side can connect well enough.
Now, my problem is that ALL clients on my side of the RED (i.e. in the main office) route their traffic through br0 instead of through the WAN interfaces on the astaro. Astaro is the default gateway for all clients.
Example traceroute:
[anthrax@armageddon ~]$ traceroute www.google.com [9:48]
traceroute to www.google.com (173.194.44.48), 30 hops max, 60 byte packets
1 10.128.0.50 (10.128.0.50) 0.364 ms 0.338 ms 0.503 ms
2 censored (censored) 1.134 ms 1.351 ms 1.099 ms
3 fr-ea2.fr.de.net.dtag.de (62.154.11.29) 3.602 ms 3.580 ms 3.756 ms
[snip]
As you can see, hop 1 is the bridge.
Hop 2 is the external IP address of our astaro.
Hop 3 is the first one that's "in the wild", so to say.
So, the packets go from my workstation through the bridge, from there back to our external IP, and from there into the net.
I've got 3 firewall rules pertaining to the tunnel:
Any > Any > Bridge
Bridge > Any > Any
Bridge > Any > Bridge
Something is going wrong here, but I can't for the life of me figure it out. And yes, the bridged interface is necessary, or at least it's necessary that my clients beyond the RED are in the same network as the rest of us. Any suggestions/pointers to where I am being stupid?
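A small diagnostic for the symptom described in the post, added here as an example and not part of the original post or of Astaro: it parses traceroute output and reports whether hop 1 is the gateway clients are supposed to use (10.128.0.1 on eth0) or another firewall-owned LAN address such as the bridge (10.128.0.50), followed by a hop outside the LAN, which is the hairpin the poster observed. The sample traceroute is constructed from the one quoted above, with the censored WAN hop replaced by a documentation-range placeholder.

```python
import ipaddress
import re

# Constructed sample: the poster's traceroute, with the censored hop 2
# replaced by a placeholder from the 203.0.113.0/24 documentation range.
SAMPLE_TRACEROUTE = """\
traceroute to www.google.com (173.194.44.48), 30 hops max, 60 byte packets
 1  10.128.0.50 (10.128.0.50)  0.364 ms  0.338 ms  0.503 ms
 2  203.0.113.10 (203.0.113.10)  1.134 ms  1.351 ms  1.099 ms
 3  fr-ea2.fr.de.net.dtag.de (62.154.11.29)  3.602 ms  3.580 ms  3.756 ms
"""

# hop number, then a hostname or address, then the IP in parentheses
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\(([\d.]+)\)")


def parse_hops(text):
    """Return an ordered list of (hop_number, ip); unanswered '*' hops are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops


def diagnose(text, lan, expected_gw, firewall_lan_ips):
    """Classify the first two hops of a client's path to the internet.

    lan:              the client network (10.128.0.0/23 in the post)
    expected_gw:      the address clients should hand packets to (10.128.0.1)
    firewall_lan_ips: every LAN-side address the firewall owns, so a first hop
                      that is the firewall but the wrong interface is recognised
    """
    net = ipaddress.ip_network(lan)
    hops = parse_hops(text)
    if len(hops) < 2:
        return "too few hops to judge"
    first, second = hops[0][1], hops[1][1]
    if first == expected_gw:
        return "ok: first hop is the expected gateway"
    if first in firewall_lan_ips and ipaddress.ip_address(first) in net:
        # The post's case: hop 1 is the bridge address, hop 2 is already
        # outside the LAN, so traffic enters via br0 and leaves via a WAN port.
        if ipaddress.ip_address(second) not in net:
            return f"hairpin: first hop {first} is a firewall LAN address, not the gateway {expected_gw}"
    return f"unexpected first hop {first}"
```

Run it against a traceroute taken from any workstation in the main office; a result starting with "hairpin" reproduces the poster's finding, while "ok" means that host is using eth0 as intended.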