External NIC Issue

Post by FortifyIT »

Hey

Having an issue with the Free CG VE so I can test it out. I cannot get out over the External NIC. I have it all configured with the Setup and set the Internal and External via the command line via the manual.

Internal 10.11.3.1. GW 10.11.3.254. Subnet 255.255.255.0

External 192.168.1.2 GW 192.168.1.254 subnet 255.255.255.0

I followed the quick setup guide in the manual to get things going but no go.

I have a router (internal network) connected to the fiber modem (external network). I have ETH0 on the Internal and ETH1 is on External.

I can get to the Web GUI on the internal side but when I try to ping or traceroute the 192. router, it doesn't go anywhere. I can't register the device because it won't go out to the internet.

Thanks
Mike

Re: External NIC Issue

Post by david »

Hi,

Thank you for your post.

My understanding is that your internal router is physically connected to your fiber modem. If so, can you please specify the IP network used to connect those devices? (I need the network, mask and both sides' IP addresses).

From which machine do you ping? From CG or another machine? Please kindly specify the source and destination IP.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com

Re: External NIC Issue

Post by FortifyIT »

Hi David

This is the configuration:

My normal network that I use with my ASUS router on my home network is 10.11.3.x

CG is connected to ETH0 with Internal 10.11.3.1. GW 10.11.3.254. Subnet 255.255.255.0


The Asus is connected to the ATT modem via the internet port of course with a DHCP setting. ATT modem IP is 192.168.1.x

CG is connected to ETH1 with External 192.168.1.2 GW 192.168.1.254 subnet 255.255.255.0


I have an 8-port switch for connecting other devices, etc., and ETH0 is plugged into that and then ETH1 is directly plugged into the ATT modem.

I log into the CG Web GUI and cannot ping the ETH1 GW. I'm on the cmd line and can't ping or traceroute out either. I've tried to ping via Web and CMD Line and using OpenDNS or Google DNS server IPs or Google.com or Yahoo.com. I have even tried to ping the ATT fiber modem GW and cannot ping that either so something isn't communicating through to even seeing the 192.168.1.254 network, it appears.

I've tried a Straight and a Crossover CAT5 cable just to see.


Thanks
Mike

Re: External NIC Issue

Post by david »

Hi,

What seems to be problematic with your configuration is that your CG's route to your external router (ATT modem) passes via your internal router (Asus router) while your CG's external interface is directly connected to your external router (ATT modem). That leads to random routes to the Internet and hence asymmetric routing (1 route via the internal router and 1 direct connection to your external router).

Please keep in mind that CG is by design a stateful firewall and blocks asymmetric routed traffic. In order to eliminate your asymmetric routing I suggest that you do the following:

- Disconnect your internal router from your external router (the traffic between those routers should pass via CG).

- Use a third network to connect CG's internal interface to your internal router. Let's say the 172.20.21.0/30 (mask 255.255.255.252) network. This means that you should replace the 192.168.1.0/24 network by the 172.20.21.0/30 network on your internal router. You can use the 172.20.21.1 IP on your internal router and the 172.20.21.2 IP on CG's internal interface.

- Your default gateway on your internal router should be 172.20.21.2 (CG's internal interface).

- Your default gateway on your CG should be 192.168.1.254 (external router). You can run the command setup to reconfigure your network or use the following commands from the CLI:

ip internal 172.20.21.2 255.255.255.252
ip external 192.168.1.2 255.255.255.0
ip route raz
ip route add default 192.168.1.254
apply force

Below is a textual schema of what you need to implement:

[Internal users](10.11.3.1-253)----(10.11.3.254)[Internal Router](172.20.21.1)---(172.20.21.2)[CG](192.168.1.2)---(192.168.1.254)[External Router]---(Internet)

Please let me know if by doing so you resolved the issue.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
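
The two checks behind the advice in the reply above, as an added example that is not part of the original post or of CacheGuard's software: whether any path from the users to the Internet avoids the firewall, and whether each interface's address, mask and gateway are consistent. Node names and function names are labels chosen for this example; the non-contiguous mask in the last call is a constructed bad input.

```python
import ipaddress

def bypass_paths(links, src, dst, firewall):
    """Loop-free paths from src to dst that never cross the firewall."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    found, stack = [], [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            found.append(path)
            continue
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt != firewall and nxt not in path:
                stack.append(path + [nxt])
    return found

def addressing_problems(ip, mask, gateway=None):
    """Problems with one interface: bad mask, unusable host, off-link gateway."""
    try:
        net = ipaddress.ip_interface(f"{ip}/{mask}").network
    except ValueError as exc:  # also raised for non-contiguous netmasks
        return [f"invalid address/mask: {exc}"]
    problems = []
    edges = (net.network_address, net.broadcast_address)
    if net.prefixlen < 31 and ipaddress.ip_address(ip) in edges:
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if gateway and ipaddress.ip_address(gateway) not in net:
        problems.append(f"gateway {gateway} is not on-link in {net}")
    return problems

# Topologies described in the thread (physical links, undirected).
ORIGINAL = [("users", "switch"), ("switch", "asus"), ("switch", "cg"),
            ("asus", "att"), ("cg", "att"), ("att", "internet")]
PROPOSED = [("users", "asus"), ("asus", "cg"), ("cg", "att"), ("att", "internet")]

if __name__ == "__main__":
    for name, links in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(name, "bypass paths:", bypass_paths(links, "users", "internet", "cg"))
    print(addressing_problems("172.20.21.2", "255.255.255.252"))
    print(addressing_problems("192.168.1.2", "255.255.255.0", "192.168.1.254"))
    print(addressing_problems("192.168.1.2", "255.255.255.250", "192.168.1.254"))
```

An empty list from `bypass_paths` means every route between the two endpoints crosses the firewall, which is the condition the stateful firewall needs to see both directions of a connection.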

Re: External NIC Issue

Post by FortifyIT »

Got it. Thank you for the information.

I'll give that a try and I'll post an update after I do some tinkering.

Thanks David, appreciate it.
Mike

Re: External NIC Issue

Post by FortifyIT »

Hey David

So after dumping the VM version, I installed the OS and I'm connected and browsing around the internet through the CG.

I'm going to keep on tinkering with things and go from there.

I appreciate your help on this and the install of the OS.

Thanks
Mike

Re: External NIC Issue

Post by david »

Hello,
You are very welcome!
Kind Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com