SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001713: Routing problem with two Internet Links - MantisBT
MantisBT - Endian Firewall
View Issue Details
0001713Endian FirewallNetwork related (VPN, uplinks)public2009-03-30 14:382009-10-27 12:00
centeno 
peter-endian 
normalmajoralways
closedfixed 
2.2-rc3 
2.3 
0001713: Routing problem with two Internet Links
Hi,
I have 2 Internet links:
My EFW (2.2 rc3 ) has a DMZ and GREEN Networks.

What do i need ?

Hosts in DMZ go out through Link 1
Hosts in GREEN go out through Link 2

In my EFW, all hosts is going through Link 1 ( main link )

i tried a static route ( Web GUI ), like:
Source: 192.168.100.0/24 - Destination: 0.0.0.0 ( or 0.0.0.0/0) - Gateway: Link 2
But doesn´t work. Also it doesn´t appears in route table

I think that´s a routing problem. Because in the route table the MAIN LINK always is the default route.

Tanks for some help !

P.S. Sorry my poor english
No tags attached.
Issue History
2009-03-30 14:38centenoNew Issue
2009-03-30 14:38centenoAssigned To => peter-endian
2009-04-09 13:26centenoNote Added: 0002118
2009-04-09 14:39peter-endianNote Added: 0002119
2009-06-10 12:47peter-endianNote Added: 0002552
2009-06-10 12:47peter-endianStatusnew => resolved
2009-06-10 12:47peter-endianFixed in Version => 2.3
2009-06-10 12:47peter-endianResolutionopen => fixed
2009-10-27 12:00peter-endianStatusresolved => closed

Notes
(0002118)
centeno   
2009-04-09 13:26   
HI,
The HTTP Proxy is the problem.
When i turn off the proxy, the routing works fine !!!
If i turn on HTTP Proxy, the default route always will be the MAIN Link.
That´s a BUG, right ?

Thanks to Johnny-M ( in forum ).

[]´s
(0002119)
peter-endian   
2009-04-09 14:39   
uh.
no, it's simply functionality which did not made it in the community version, but it's implemented in policy routing in enterprise version.

traffic through transparent application level proxies starts from the local machine. So, the source ip is not your client's ip anymore, but the exiting ip of your firewall.
(0002552)
peter-endian   
2009-06-10 12:47   
will be included in 2.3