Routes

From Edge Threat Management Wiki - Arista

Untangle routes all traffic according to its routing table. As such, it is absolutely critical to configure your Untangle server with a complete routing table.

If Untangle does not have a complete routing table, it will not be able to reach hosts behind Untangle and will not properly route return traffic back to them, so those hosts will be offline.

A route
  • Description
    • A description of this route. This is just for documentation.
  • Network
    • This is the IP/network for this route. Upon saving, any bits past the prefix length or netmask will be zeroed out, as they are irrelevant and are not accepted in a route.
  • Netmask/Prefix
    • This is the netmask (or prefix) for this route.
  • Next Hop
    • This should be either a currently reachable local IP address or an interface chosen from the dropdown. If an IP address is specified, all traffic to this network will be routed to that IP address. If an interface is specified, all traffic to this network will be routed locally on that interface, using ARP to resolve those hosts.

TIP: It is easy to test routes using the Ping Test in Config > Network > Troubleshooting > Ping Test. If Untangle can ping a host on the network in question, it is likely the route is correct. If Untangle cannot ping a host on the network in question, the route is probably incorrect and those hosts will not be online.

Common Uses

Some networks have subnets that exist behind other internal routers. For example, let's say my Internal interface is 192.168.1.1/24. There is also a 192.168.2.0/24 network that exists behind another router at 192.168.1.5. Without this route, that entire network would be offline because its return traffic would go to the wrong place (the default gateway). In this case I need to specify that the 192.168.2.* network is reachable through 192.168.1.5. This would look as follows:

An example route

Some networks also run multiple subnets on the same switch infrastructure internally. If these are "untagged" networks/VLANs, you simply need to add a route. For example, let's say my Internal interface is 192.168.1.1/24. There is also a 10.0.0.0/8 network on this interface. Without a route, these hosts would be offline because their traffic would be routed to the wrong place (the default gateway). In this case I need to specify that 10.*.*.* hosts are reachable on the Internal interface directly. This would look as follows:

Another example route
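
The two example routes above can be checked offline before they are entered. The following is an added example, not Untangle's own code: it zeroes the bits past the prefix, checks that an IP next hop is on a directly connected subnet, and uses longest-prefix matching to show where return traffic goes with and without each route. The default gateway 203.0.113.1 and the string "Internal" standing in for the interface dropdown choice are assumptions.

```python
import ipaddress

# Internal interface from the page's example; the default gateway is a constructed
# documentation address, not a value from the page.
INTERNAL = ipaddress.ip_interface("192.168.1.1/24")
DEFAULT_GW = "203.0.113.1"


def make_route(network, prefix, next_hop, local_ifaces=(INTERNAL,)):
    """Build a route following the Network and Next Hop field rules."""
    # strict=False zeroes any bits past the prefix (192.168.2.77/24 -> 192.168.2.0/24).
    net = ipaddress.ip_network(f"{network}/{prefix}", strict=False)
    if next_hop != "Internal":  # hypothetical name for the interface dropdown choice
        hop = ipaddress.ip_address(next_hop)
        # An IP next hop must be on-link: inside a local interface's subnet and
        # not the interface's own address, otherwise ARP cannot resolve it.
        if not any(hop in i.network and hop != i.ip for i in local_ifaces):
            raise ValueError(f"next hop {hop} is not on a directly connected network")
    return net, next_hop


def lookup(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in table if dest in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def base_table():
    """Connected Internal subnet plus a default route (constructed sample)."""
    return [(INTERNAL.network, "Internal"),
            (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]


if __name__ == "__main__":
    table = base_table()
    print("before:", lookup(table, "192.168.2.40"))  # falls through to the default gateway
    table.append(make_route("192.168.2.77", 24, "192.168.1.5"))
    table.append(make_route("10.0.0.0", 8, "Internal"))
    print("after: ", lookup(table, "192.168.2.40"))  # sent to the internal router
    print("10/8:  ", lookup(table, "10.20.30.40"))   # resolved locally on Internal
```

The on-link check is a necessary condition only; whether the next hop actually answers is what the Ping Test confirms.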