Can't add Static Routes (Firewalla Gold)

6 comments

  • Phe Bui

    Although the command line interface does not show the 10.21.7.0/24 routing, routing is already running.

    But the network layer 10.21.7.0/24 cannot go to the internet. Apparently Firewalla only allows source NAT as the internal network.

  • Phe Bui

    And it seems that Firewalla also does not recognize the device on the NextHop network (here, 10.21.7.0/24).

  • James Willhoite

    I have static routes for a couple of IPSec and IKEv2 set up in my FWG.

    I'm on my phone and it will not let me add the screenshot, but I have a subnet 10.10.20.0/24 that has a next hop of 192.168.2.1 (local LAN1) via ISP1 and it works great. This allows me to tunnel back through a VPN connection.

  • Firewalla

    Watch out for 1.972, it will support source NAT.

    As for identifying devices on the inside networks, that may require a bit of work; it is only recently that we started handling multiple inside networks.

  • Support

    Firewalla is using a combination of `ip route` and `ip rule` (policy-based routing) at the backend. The static route can be found if you run
    `ip route show table static`

  • James Willhoite

    @Firewalla @Support what table/chain does this get put into? I have some static routes set up and my `ip route show table static` is empty. I was looking in the iptables and did not see any rules.

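An added example, not part of the thread and not Firewalla's own code: because the box combines `ip route` with `ip rule`, a route only takes effect if it sits in a table that some policy rule consults. This script searches every routing table for a prefix and checks whether a rule looks that table up. The sample listings, next hop, interface names and rule priorities are constructed.

```shell
# Added example; sample data is constructed, not taken from a Firewalla box.
# On a live system, feed it real output:
#   diagnose 10.21.7.0/24 "$(ip route show table all)" "$(ip rule show)"

# Print the table of every route to prefix $1 (stdin: `ip route show table all`).
# Routes in the main table carry no "table" attribute in that listing.
find_route_tables() {
  awk -v p="$1" '
    {
      dst = $1
      # Typed routes ("local 10.0.0.1 ...") put the destination in field 2.
      if ($1 ~ /^(local|broadcast|unreachable|blackhole|prohibit|throw)$/) dst = $2
      if (dst != p) next
      tbl = "main"
      for (i = 1; i < NF; i++) if ($i == "table") tbl = $(i + 1)
      print tbl
    }' | sort -u
}

# Print the policy rules that look up table $1 (stdin: `ip rule show`).
rules_for_table() {
  awk -v t="$1" '{ for (i = 1; i < NF; i++) if ($i == "lookup" && $(i + 1) == t) print }'
}

# diagnose PREFIX ROUTES RULES -> "absent", or per table "active:T" / "unreferenced:T"
diagnose() {
  tables=$(printf '%s\n' "$2" | find_route_tables "$1")
  [ -z "$tables" ] && { echo "absent"; return 0; }
  out=""
  for t in $tables; do
    if [ -n "$(printf '%s\n' "$3" | rules_for_table "$t")" ]; then
      out="$out active:$t"
    else
      out="$out unreferenced:$t"   # route exists but no rule consults its table
    fi
  done
  echo "${out# }"
}

SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.1
10.21.7.0/24 via 192.168.2.254 dev br0 table static
local 192.168.2.1 dev br0 table local proto kernel scope host src 192.168.2.1'
SAMPLE_RULES='0: from all lookup local
5000: from all lookup static
32766: from all lookup main
32767: from all lookup default'

diagnose 10.21.7.0/24 "$SAMPLE_ROUTES" "$SAMPLE_RULES"
```

A result of `absent` means no table holds the prefix at all, while `unreferenced:<table>` means the route is installed but no policy rule sends traffic to that table.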
