Override Default Gateway Error?
I am using a Firewalla Gold SE with ATT Fiber + static public IPs, working to replace an ER-X.
Because of reasons I'll explain below, I want to know if it's possible to override the default gateway subnet check in a WAN connection, and add an IP address that is not actually within the defined network, i.e. in WAN:
IP Address: 192.168.1.66
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.254
IP Address 1: 99.x.x.x <-- Publicly routable
IP Address 2: 99.x.x.y <-- Publicly routable
Trying to add these IPs this way will produce an error from the FW app. However, (because ATT is going to ATT), the 192.168.1.254 Gateway actually serves as the Gateway for both the cascaded router IP and also the public subnet and happily routes for both.
This is how I have the ERX set up currently. I do this so that the ERX can pick up and route traffic to different mail and web servers (with different domain names / IP addresses) after NATing.
So, if possible, I'd rather attach the public IPs to the Gold and then NAT (to a 10.x.x.x) and send the traffic along (instead of using the public IPs on the servers themselves), but the FW app is complaining about the IPs not being on the default router subnet.
Is it possible to override the error?
More detail:
I'm setting the Gold SE up in router mode, after the ONT and a Pace 5268AC router/modem, using the "Cascaded Router" setting on the Pace, which passes all the traffic bound for the public IPs on to the defined router (the FW) with an assigned private IP. So:
ONT --> Pace --> FW Gold SE (192.168.1.x + public IPs) --> 10.x.x.x net
Because ATT has to be difficult, the way it does this is to assign an internal IP (192.168.1.x) to the cascaded router, and then pass all the traffic bound for the public IPs to that internal IP to be routed. From there, you can manage your public subnet.
However, instead of assigning static IPs to the servers themselves, I want to assign the public IPs to the FW Gold and then NAT and send the traffic on to the proper server's internal IP. Does that make sense?
I'm open to other setup ideas, but I like having my public IPs attached to a router (currently ERX) and then have them NATed and sent to the proper place.
-
Correct, no bridge mode for this model. It does allow you to assign public IPs through the Pace, so I could try to operate off of 1 Public IP attached to WAN port. When I do this, I can then add an additional Public IP, but that secondary IP doesn't seem to get routed from the Pace to the FW...
Would it be feasible to add a second public IP to a different FW port and use that for ingress of that IP / domainname and use the main WAN for server #1 and my internal network?
The janky setup I described above does work on the ER-X (not saying it's a good, or even correct, setup) by attaching the public IPs as secondary IPs and using the private default router to get out (the Pace private IP space isn't used for anything other than the cascaded router).
It's known that these ATT routers suck (and this one is like 4 generations old), maybe I'll ask for a new model...
Thanks for the quick response. Hit me up again if you have any other ideas. But my main question is still: can I override the default router check and see if I can get the public IPs routing through the private IP address?
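Added example, not from the original post and not Firewalla or EdgeRouter code: a small Python model of the layout described above. It contrasts a per-address gateway check (which rejects a public IP whose subnet does not contain 192.168.1.254) with a per-interface on-link check (which accepts the gateway because 192.168.1.66/24 covers it), and walks an inbound packet through DNAT to the internal server and the reply back out via the private gateway. The 203.0.113.8/29 block, the 10.0.0.0/24 hosts and the 198.51.100.1 destination are constructed placeholders for the poster's 99.x.x.x and 10.x.x.x addresses.

```python
from __future__ import annotations
from ipaddress import ip_address, ip_interface, ip_network
from typing import Optional

# Constructed addresses: 203.0.113.8/29 (TEST-NET-3) stands in for the 99.x.x.x
# public block; 192.168.1.0/24 and 10.0.0.0/24 follow the layout in the post.
IFACES = {
    "wan": ["192.168.1.66/24", "203.0.113.10/29", "203.0.113.11/29"],
    "lan": ["10.0.0.1/24"],
}
# Routes: (destination prefix, next hop or None when on-link, interface)
ROUTES = [
    ("0.0.0.0/0", "192.168.1.254", "wan"),   # private gateway handed out by the Pace
    ("10.0.0.0/24", None, "lan"),
]
# 1:1 DNAT table: public IP held by the router -> internal server
DNAT = {"203.0.113.10": "10.0.0.10", "203.0.113.11": "10.0.0.11"}

def gateway_on_subnet(addr: str, gateway: str) -> bool:
    """Strict per-address check: the gateway must lie inside this one address's subnet."""
    return ip_address(gateway) in ip_interface(addr).network

def gateway_on_link(iface: str, gateway: str) -> bool:
    """Interface-level check: the gateway is on-link if ANY address on the interface covers it."""
    return any(gateway_on_subnet(a, gateway) for a in IFACES[iface])

def validate_routes() -> list:
    """Return destinations whose next hop is not reachable on-link (empty means all valid)."""
    return [dst for dst, via, dev in ROUTES if via and not gateway_on_link(dev, via)]

def next_hop(dst: str) -> tuple:
    """Longest-prefix match over ROUTES; returns (gateway or None, interface)."""
    d = ip_address(dst)
    best = max((r for r in ROUTES if d in ip_network(r[0])),
               key=lambda r: ip_network(r[0]).prefixlen)
    return best[1], best[2]

def forward_inbound(dst: str) -> tuple:
    """Packet arriving on wan for a public IP: DNAT to the server, then route it."""
    inner = DNAT.get(dst, dst)
    via, dev = next_hop(inner)
    return inner, via, dev

def forward_reply(src: str, internet_dst: str = "198.51.100.1") -> tuple:
    """Reply from an internal server: SNAT back to its public IP, then route it out."""
    public = next((p for p, i in DNAT.items() if i == src), src)
    via, dev = next_hop(internet_dst)
    return public, via, dev
```

The strict check is what the app's error reflects; the on-link check is the behaviour the ER-X setup relies on, since the public addresses never need a gateway of their own.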