Solved

Smoothwall - Creating a route for DHCP SuperScope

Posted on 2013-01-17
Last Modified: 2013-01-21
I read this post:
http://www.experts-xchange.com/Hardware/Networking_Hardware/Routers/Q_26957731.html
and wasn't sure if I should comment on it or ask a new question, so here I am.

Layout - ISP/Modem > SmoothWall > 4800G > Network

I have a DHCP server set up with a 192.168.5.x and a 192.168.7.x superscope. These plug in to a 3com 4800G (Core Switch). I have routes set up for the 5.x, 7.x, and to the fiber that connects to 4 other buildings running their own superscopes. (AD/DHCP servers in each building). I have recently installed a Smoothwall Express 3.0 appliance to temporarily replace my failing Adtran NetVanta 3120. I am able to access internet from the 5.x network, but unable to do so with the 7.x network. Connection between buildings is fine. The internal NIC of the SmoothWall is addressed at 192.168.5.7. If I use the following command, will it create the route needed for 7.x network to connect?

ip route add 192.168.7.0/24 via 192.168.5.0

My Linux skills are growing, but this environment is not where I want to "test" my ideas. Also, to remove the same route could I use the "ip route delete 192.168.7.0/24"?
0
Comment
Question by:DigitusTechne
11 Comments
 
LVL 9

Expert Comment

by:Sandeep Gupta
ID: 38792809
Your adding route rule is correct.

for removing I think it is:

ip route remove 192.168.7.0/24
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38792925
I might use pfsense in preference to smoothwall; in pfsense routes can be added from the web GUI, so there should be no requirement to use the shell.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38792965
Are the scopes separate or are they actually 'Superscopes'?

If they're superscopes the DHCP request will come from the same Layer2 segment for each IP range, therefore a route isn't needed.  If they're separate scopes you'll need the route, but you'll need to actually specify the IP address of the router which connects to the 192.168.7.0/24 subnet.

The command:

ip route add 192.168.7.0/24 via 192.168.5.0

won't work if the 192.168.5.0 network is a /24.  You'll need to be more specific with the IP address.
0

 

Author Comment

by:DigitusTechne
ID: 38795386
I will try to answer your questions the best I can.

Yes, I am using DHCP to create and manage the SuperScopes. For building "WS", I have a 192.168.5.11 -192.168.5.250 and a 192.168.7.11 -192.168.7.250 DHCP range. The addresses 1-10 and 250 and up are reserved for network equipment etc.  I have 3 other buildings also using SuperScopes. All of the buildings are connected via fiber. The media converter connects to my core switch (3COM 4800G) providing access to the other buildings. For now each building has its own internet connection, (ISP modem).

As stated above, the order is ISP modem - Adtran - Content filter - Core Switch. My Adtran is failing, and I am having some issues with my content filter. I have bypassed the content filter for now, and installed the Smoothwall as a temporary firewall. All of my routing is done in the core switch, which is where I am confused. When I installed the Smoothwall, my 5.x network connected to the internet just fine. The 7.x network does not.

The 5.x network didn't connect to the internet until I put the Smoothwall address of 192.168.5.7 into the DNS record under the IP properties of my DHCP server. I also put 192.168.5.7 into the DNSmgmt under the forwarder tab. This did nothing for me. (Bear with me, I am learning...).

What more information do you need on the ip?

Current settings are:

DHCP is enabled.
The Core switch is the gateway, 192.168.5.1
The subnet mask is 255.255.255.0
DNS points to my DHCP servers 192.168.5.5 and 192.168.6.5 (another building)

I have attached the routing table from the 3COM.
3COM-Routes.docx
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38796359
Ok, so you have the 192.168.5.0 and 192.168.7.0 networks on the same Layer2 domain.

Does the Smoothwall have an IP address on the 192.168.7.0 network?
0
 

Author Comment

by:DigitusTechne
ID: 38796644
No it does not. And via the GUI I don't see a place to assign another ip address to the "green" or internal NIC.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38796671
If you want to use a superscope (and therefore two IP ranges on the same VLAN) you'll need to assign an IP address to the Smoothwall in the 192.168.7.0 range on the same interface as the 192.168.5.0 address, or on a separate interface which is plugged in to the same VLAN.
0
 

Author Comment

by:DigitusTechne
ID: 38801744
Thank you all for assisting with this matter.

Craigbeck, thank you for your input. I suppose now I need to find out how to assign a second IP address to the "Green" NIC.

Suggestions?
0
 

Author Comment

by:DigitusTechne
ID: 38801801
OK. According to this page:

http://www.smoothwall.org/about/feature-comparison-chart/

Smoothwall Express does not support binding multiple IPs to the "Green" NIC.

ArneLovius - Does the pfsense support the features that I need? I am navigating to that page now to take a look.....

Any suggestions? I need a solution with minimal downtime. I have 376 users on at the moment. Wednesday I will have time to make changes.
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 1500 total points
ID: 38802069
You can add the address to a different physical NIC if you have one.
0
 

Author Comment

by:DigitusTechne
ID: 38802153
I am told:

SWE3 doesn't grok VLANs. But you aren't sunk yet. You can use a GREEN/PURPLE/RED setup, connect .5. to GREEN, .7. to PURPLE, and tweak /etc/rc.d/rc.firewall.up to eliminate the firewall from PURPLE to GREEN.  (This is the setup I would need if I added another physical NIC as craigbeck suggested).

Or you could modify rc.netaddress.up to add a second primary address to GREEN (ip addr add 192.168.7.0/24 dev $GREEN_DEV). In either case, you don't need VLANs.

I am going to pursue the second option. Nothing like honing your Linux skills on the fly....

UPDATE

I am going to add another NIC and set up GR/PU/RD. I will be taking down the SW on Wed. and run tests from there.

Thank you for the help...
0
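
An added example, not part of any post in this thread: a POSIX shell check of the two address questions the thread turns on, namely whether the address given after "via" (or to "ip addr add") is a usable host address rather than the network or broadcast address, and whether the firewall holds an address in a client's subnet. The function names, the client 192.168.7.50 and the second GREEN address 192.168.7.7/24 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies an IPv4 address against an
# interface address/prefix, as a pre-check before "ip route add ... via GW"
# or "ip addr add ADDR/LEN dev IF".

# Dotted-quad IPv4 -> integer.
ip2int() {
    i_ifs=$IFS; IFS=.
    set -- $1
    IFS=$i_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> 32-bit netmask as an integer.
mask() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# classify ADDR IFADDR/LEN -> prints network | broadcast | host | outside
classify() {
    c_addr=$(ip2int "$1")
    c_len=${2#*/}
    c_mask=$(mask "$c_len")
    c_base=$(( $(ip2int "${2%/*}") & c_mask ))
    c_bcast=$(( c_base | (~c_mask & 4294967295) ))
    if [ $(( c_addr & c_mask )) -ne "$c_base" ]; then echo outside
    elif [ "$c_len" -ge 31 ]; then echo host      # /31 and /32 have no reserved addresses
    elif [ "$c_addr" -eq "$c_base" ]; then echo network
    elif [ "$c_addr" -eq "$c_bcast" ]; then echo broadcast
    else echo host
    fi
}

# on_link CLIENT IFADDR/LEN...: succeeds if any interface subnet contains CLIENT.
on_link() {
    o_client=$1; shift
    for o_cidr in "$@"; do
        if [ "$(classify "$o_client" "$o_cidr")" != outside ]; then return 0; fi
    done
    return 1
}

# Demo on the thread's addresses: GREEN is 192.168.5.7/24, core switch is 192.168.5.1.
for gw in 192.168.5.0 192.168.5.1 192.168.5.255; do
    echo "via $gw -> $(classify "$gw" 192.168.5.7/24)"
done
echo "ip addr add 192.168.7.0/24 -> $(classify 192.168.7.0 192.168.7.0/24)"
# 192.168.7.50 is a constructed client; 192.168.7.7/24 is a constructed second GREEN address.
if on_link 192.168.7.50 192.168.5.7/24; then echo "7.x client on-link"; else echo "7.x client not on-link"; fi
if on_link 192.168.7.50 192.168.5.7/24 192.168.7.7/24; then echo "on-link with second address"; fi
```
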


Question has a verified solution.
