Static Route for Second NIC

Status
Not open for further replies.

Simon Greer

Cadet
Joined
Mar 25, 2017
Messages
4
Hi there

Bashing my head against the wall with this one:
My network is configured as follows:

WAN
Draytek Router with WAN IP XX and private IP 192.168.1.1
Sonicwall Router with WAN IP 192.168.1.98 and Private IP 192.168.2.1 set up for site-to-site VPN
FreeNAS with IP 192.168.2.50 (main IP for all private network traffic)

I have an insecure service (FTP) running on the FreeNAS box and have set up a second NIC (192.168.1.50) which is connected directly to the Draytek Router LAN. I would like to know how to configure this second NIC to use the Draytek Router as its gateway so that I can forward FTP traffic to it but am completely stuck.

I have been playing around with static routes, but can't get anything working at present, but I don't really know what I should be doing. To prove the service works properly I changed the Primary Gateway to 192.168.1.1 briefly in global settings and was immediately able to connect to the service from WAN.

Appreciate any help.

Cheers

Simon
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Routes are based on a per-host, not a per-interface basis. The system will route default where you tell it to. The system will route more-specifics if you configure it to. And if you have a directly-attached interface, that implicitly acts as a route to that network.

It isn't clear why you would not just set your default gateway to 192.168.1.1 and call it a day. Since you have an interface on 192.168.2.*/24, traffic on that network will already use that.
 

Simon Greer

Cadet
Joined
Mar 25, 2017
Messages
4
Our FreeNAS server serves CIFS shares to our internal network. This needs to be secure.

Our internal network resides behind RouterB, which resides behind RouterA. We need to run an FTP service and do not want to run this from inside our core network (behind RouterB), so have connected the second NIC directly to RouterA and bound the FTP service to this IP.

I was struggling to understand static routes, but after geeking myself up on YouTube I've managed to configure it properly. The Destination is set as the WAN IP/1 and the Gateway is set as RouterA, which seems to work fine!
 

nitrobass24

Dabbler
Joined
Apr 25, 2017
Messages
19
I don't have the answer but can confirm I had this same issue. I tried setting up a second NIC and static route on a second VLAN for a dedicated NFS network and failed as well with getting the traffic to route properly. Using FreeNAS 9.10 U4.

 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Most of the so-called "routing" issues people have are actually due to the indiscriminate use of NAT and failure to build a real network topology. This has been perpetuated by generations of IPv4 hacks and stupids and idiocies, so you guys shouldn't feel bad at finding it all hard to understand.

As an example, my guess is that both of the devices Simon refers to as "routers" are actually NAT gateways, which aren't routers at all. The way that this *should* be set up is to have the Draytek set up as a NAT gateway (which it presumably is). The Sonicwall should have NAT disabled, and be configured as a router with firewall filtering, such that it has one interface at 192.168.1.2, and another at 192.168.2.1. A static route installed on the Draytek for 192.168.2.0/24 points at 192.168.1.2, to cause inbound traffic to work correctly, and the Sonicwall should have a default route to 192.168.1.1. This gives you an actual properly designed routed network.

You can see some discussion and pictures at

https://medium.com/@gmanual/double-nat-explained-and-possible-solutions-8b41b6c651bd

because I just don't have the time today to explain the depths of networking hell double NAT creates.
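
The per-host lookup jgreco describes in his first reply and the routed layout he proposes in this one, modelled as an added example (not code from the thread or from FreeNAS). The interface labels, the `isp` next hop and both client addresses are constructed for illustration; the 192.168.x.x addresses are the ones given in the posts.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop, interface) rows."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not hits:
        return None  # no route to host
    _, hop, ifname = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return hop, ifname

# Directly attached interfaces act as implicit routes ("link" = deliver on-link).
# nic1/nic2 are hypothetical labels for the two FreeNAS NICs.
FREENAS_CONNECTED = [
    ("192.168.2.0/24", "link", "nic1"),  # 192.168.2.50, internal CIFS side
    ("192.168.1.0/24", "link", "nic2"),  # 192.168.1.50, Draytek LAN, FTP bound here
]

def freenas_table(default_gw, static=()):
    """One table per host: connected routes, one default, optional statics."""
    rows = list(FREENAS_CONNECTED)
    for prefix, gw in [("0.0.0.0/0", default_gw), *static]:
        # A gateway must itself be on-link; its connected route picks the NIC.
        rows.append((prefix, gw, lookup(FREENAS_CONNECTED, gw)[1]))
    return rows

WAN_CLIENT = "203.0.113.10"  # constructed address (documentation range)
LAN_CLIENT = "192.168.2.77"  # constructed internal CIFS client

# The routed design from the post above: NAT only on the Draytek.
DRAYTEK = [
    ("192.168.1.0/24", "link", "lan"),
    ("192.168.2.0/24", "192.168.1.2", "lan"),  # static route to the Sonicwall
    ("0.0.0.0/0", "isp", "wan"),               # "isp" is a placeholder next hop
]
SONICWALL = [
    ("192.168.1.0/24", "link", "outside"),     # 192.168.1.2
    ("192.168.2.0/24", "link", "inside"),      # 192.168.2.1
    ("0.0.0.0/0", "192.168.1.1", "outside"),
]

if __name__ == "__main__":
    host_route = [(WAN_CLIENT + "/32", "192.168.1.1")]  # a more-specific route
    for name, table in [
        ("default via 192.168.2.1", freenas_table("192.168.2.1")),
        ("default via 192.168.1.1", freenas_table("192.168.1.1")),
        ("default via 192.168.2.1 + host route", freenas_table("192.168.2.1", host_route)),
    ]:
        print(name, "| reply to WAN client:", lookup(table, WAN_CLIENT),
              "| CIFS client:", lookup(table, LAN_CLIENT))
    print("Draytek -> 192.168.2.50:", lookup(DRAYTEK, "192.168.2.50"))
    print("Sonicwall -> WAN client:", lookup(SONICWALL, WAN_CLIENT))
```

With the default pointing at 192.168.2.1, the reply to a WAN client leaves on `nic1` even though the FTP connection arrived on `nic2`; the CIFS client is reached on-link over `nic1` in every case.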
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
> I don't have the answer but can confirm I had this same issue. I tried setting up a second NIC and static route on a second VLAN for a dedicated NFS network and failed as well with getting the traffic to route properly. Using FreeNAS 9.10 U4.

You tried to make it too complicated. Get rid of the static route and it will be fine. Placing an IPv4 interface on a network implicitly routes that network via the local link.
 

nitrobass24

Dabbler
Joined
Apr 25, 2017
Messages
19
Hmm, I would like to agree but I could see DHCP traffic for that interface flowing out of the other interface. So I started down the path of a static route.

I am upgrading to FN11u1 next weekend and will try again.

 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
> Hmm, I would like to agree but I could see DHCP traffic for that interface flowing out of the other interface. So I started down the path of a static route.
>
> I am upgrading to FN11u1 next weekend and will try again.

That sounds more like basic networking problems. My ears go up when I hear the word "VLAN" because that's another common way to completely break a network. Besides, your FreeNAS should be assigned a static IP address. It isn't a transient client.
 