Routing with several networks with GREEN, ORANGE and RED

Hi,

I have created the two networks “dog” and “msg”. The red boxes at the left side are ipfire systems. The msg-ipfire-system is connected to the dog-network with the orange network interface. Now I want to communicate from one of the msg-systems (let's say “msg-sdb-prd-01”) to “dog-rpxy-prd-01”.
I think communication from msg-GREEN to msg-ORANGE is allowed by default.

  • On every server in the dog-network, “172.16.0.1” is configured as default gateway. To get the route back to the “msg” network I added a static route to the dog-ipfire (HOST=172.18.0.0/17; GATEWAY=172.16.0.3) in menu Network->Static routes.
  • Then I added a firewall rule to allow every traffic from ORANGE to GREEN in the msg-ipfire (just for testing, later it would be more specific) and activated logging.
  • Also, just for better analysis, I added a rule to allow every traffic from GREEN to ORANGE in the msg-ipfire and activated logging.

When I “ping” or “curl” from 172.18.20.2 to 172.16.10.2, in the firewall logs of the msg-ipfire I see that there is a FORWARDFW entry from green0 to target server 172.16.10.2, but no communication backwards.
I think the target server sends it to its default gateway, but there is nothing in the firewall log. So I do not really know what happens now with my request.

Do you have any idea?

Regards

Dave

Okay found one additional thing:
When I add a static route to the target system I want to ping (172.16.10.2) with the command `ip route add 172.18.0.0/17 via 172.16.0.3 dev eth0`, it works as expected. So I learned that not the dog-ipfire system, but the target system has to know the right route.
But how can I deploy the route to the client? I tried to do that with the DHCP option “static-routes” and the option value “172.18.0.0/17 172.16.0.3”. But when I do a `dhclient -r` I get no new route…

Has anyone deployed routes to clients with DHCP options before?

Regards

Dave

Hey folks,
I tried to add a routing option to DHCP. But in ipfire there is just an old option “static-route” available. So I manually added the two options “rfc3442-classless-static-routes” and “ms-classless-static-routes” to /var/…/advoptions-list, which enabled me to add the option in the ipfire GUI. And now the options are deployed to the client and communication is working.
I created a pull request on GitHub with both new options. You will find the pull request here: https://github.com/ipfire/ipfire-2.x/pull/67
Regards, Dave
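The classless static route option Dave ended up using (DHCP option 121, RFC 3442; Microsoft's `ms-classless-static-routes` is option 249 with the same wire format) carries its routes as a compact byte sequence rather than as plain dotted-quad pairs like the legacy `static-route` option, which is why a value typed as "172.18.0.0/17 172.16.0.3" cannot work for it. The following example, added here and not taken from the post or from the IPFire project, encodes and decodes that byte format for the thread's route (172.18.0.0/17 via 172.16.0.3), renders it as the comma-separated list of 8-bit integers that an ISC dhcpd definition of the form `code 121 = array of integer 8` expects (assumed here to be how the GUI option value is passed through; check the option definition actually in use), and rejects malformed payloads on the receiving side. The function names and the sample routes are the author's own constructions.

```python
"""Encode/decode DHCP option 121 (RFC 3442 classless static routes).

Wire format, repeated per route:
  1 byte   prefix length (0..32)
  N bytes  the significant octets of the destination, N = ceil(prefix/8)
  4 bytes  the router (next hop) address
"""
import ipaddress

# Option codes: RFC 3442 uses 121; the older Microsoft variant uses 249
# with an identical payload. Both are listed here for reference only.
OPTION_RFC3442 = 121
OPTION_MS_CLASSLESS = 249


def encode_classless_routes(routes):
    """routes: iterable of (destination CIDR, router) strings -> payload bytes."""
    payload = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest, strict=True)  # refuses host bits set
        width = net.prefixlen
        sig = (width + 7) // 8  # only the octets covered by the prefix are sent
        payload.append(width)
        payload += net.network_address.packed[:sig]
        payload += ipaddress.IPv4Address(router).packed
    return bytes(payload)


def decode_classless_routes(payload):
    """payload bytes -> list of (destination CIDR, router) strings.

    Raises ValueError on a truncated payload, a prefix length above 32,
    or destination bits set beyond the announced prefix length.
    """
    routes = []
    i = 0
    while i < len(payload):
        width = payload[i]
        i += 1
        if width > 32:
            raise ValueError("prefix length %d out of range" % width)
        sig = (width + 7) // 8
        if i + sig + 4 > len(payload):
            raise ValueError("truncated route entry at offset %d" % i)
        dest_int = int.from_bytes(bytes(payload[i:i + sig]) + b"\x00" * (4 - sig), "big")
        i += sig
        router = ipaddress.IPv4Address(bytes(payload[i:i + 4]))
        i += 4
        net = ipaddress.IPv4Network((dest_int, width), strict=True)
        routes.append((str(net), str(router)))
    return routes


def is_valid_payload(payload):
    """True if the payload decodes cleanly, False otherwise."""
    try:
        decode_classless_routes(payload)
        return True
    except ValueError:
        return False


def as_dhcpd_value(payload):
    """Render the payload as dhcpd's 'array of integer 8' literal."""
    return ", ".join(str(b) for b in payload)


def to_ip_route_commands(routes, dev="eth0"):
    """Render decoded routes as the equivalent manual 'ip route add' lines."""
    return ["ip route add %s via %s dev %s" % (dest, router, dev) for dest, router in routes]


if __name__ == "__main__":
    # Constructed sample matching the thread: reach 172.18.0.0/17 via 172.16.0.3.
    sample = [("172.18.0.0/17", "172.16.0.3")]
    raw = encode_classless_routes(sample)
    print("payload bytes :", raw.hex())
    print("dhcpd value   :", as_dhcpd_value(raw))
    print("decoded       :", decode_classless_routes(raw))
    for line in to_ip_route_commands(decode_classless_routes(raw)):
        print("client applies:", line)
```

A client only installs these routes if it asks for the option in its parameter request list and its hook scripts act on it, so after changing the server side, verify on the client with `ip route` after a fresh lease rather than assuming the option was honoured.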