Archives
/
opensense-docs
mirror of https://github.com/opnsense/docs
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dashboard
BGP_ASN_Alias_FR5913
rss
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '74b13d12d5'
${ noResults }
opensense-docs/source/manual/routes.rst

155 lines
5.8 KiB
ReStructuredText
Raw Blame History

=========
Routes
=========
Routing is one of the core features of your firewall, which is responsible for forwarding packets over the network
based on (predefined) paths.
Within the routing section of your firewall you can keep track of configured routes and define static routes
yourself to teach your firewall which path it should take when forwarding packets to a specific network.
.. blockdiag::
:desctable:
blockdiag {
client [shape="cisco.pc", label="[1]"];
OPNsense [shape="cisco.firewall", label=""];
internet [shape="cisco.cloud"];
private_net [shape="cisco.cloud", label=""];
private_net2 [shape="cisco.cloud", label="[2]"];
Gateway1 [shape="cisco.router", label=""];
Gateway2 [shape="cisco.router", label="[3]"];
client -> OPNsense;
OPNsense -> Gateway1 -> internet;
OPNsense -> Gateway2 -> private_net;
OPNsense -> Gateway2 -> private_net2;
group {
label = "Client";
color = none;
client;
}
group {
label = "OPNsense";
color = none;
OPNsense;
}
group {
label = "Gateways";
color = none;
Gateway1 ;
Gateway2 ;
}
group {
label = "Networks";
color = none;
internet;
private_net;
private_net2;
}
}
When a client sends a packet to the firewall for a network not directly attached to it, the firewall would
normally check its routing table to determine to which gateway (see :doc:`/manual/gateways`) it should be send.
.. Tip::
Use traceroute (:menuselection:`Interfaces --> Diagnostics --> Trace Route`) to verify which path traffic would
follow to reach its destination.
----------------------
Configuration
----------------------
This is where you can setup static routes, looking at the diagram in the previous chapter, here you would define how
:code:`[1]` would access :code:`[2]` using router :code:`[3]`.
The number of settings are obviously limited, we need to know the gateway and the target network.
===========================================================================================================
============================= =============================================================================
Disabled (temporary) disable this item
Network Address Destination network to reach
Gateway The gateway to use.
Description Optional description for this item
============================= =============================================================================
.. Note::
Some services are known to update the routing table themselves, in which case you shouldn't add static routes
manually (OpenVPN manages its own routes for example).
----------------------
Status
----------------------
The status page shows the current active content of the routing table.
===========================================================================================================
============================= =============================================================================
Proto Protocol (IPv4 or IPv6)
Destination Destination network
Gateway Where to send the packet for this destination network
Flags Routes have associated flags which influence operation of the protocols
when sending to destinations matched by the routes.
See the **Flags** table below for details.
Use Counts the number of packets sent via this route
MTU The MTU set for this route
Netif Interface to use for this route
Netif (name) Name of the interface if found
Expire The time at which this route should expire, or zero if it should never expire.
It is the responsibility of individual protocol suites to ensure that routes are
actually deleted once they expire.
============================= =============================================================================
.............
Flags
.............
The following flags are supported by the kernel.
============================= =============================================================================
Letter / Flag Description
============================= =============================================================================
1 [RTF_PROTO1] Protocol specific routing flag
2 [RTF_PROTO2] Protocol specific routing flag
3 [RTF_PROTO3] Protocol specific routing flag
B [RTF_BLACKHOLE] Just discard pkts (during updates)
b [RTF_BROADCAST] The route represents a broadcast address
C [RTF_CLONING] Generate new routes on use
c [RTF_PRCLONING] Protocol-specified generate new routes on use
D [RTF_DYNAMIC] Created dynamically (by redirect)
d [RTF_DONE] Message confirmed
G [RTF_GATEWAY] Destination is a gateway
H [RTF_HOST] Host entry (net otherwise)
L [RTF_LLINFO] Valid protocol to link address translation
M [RTF_MODIFIED] Modified dynamically (by redirect)
R [RTF_REJECT] Host or net unreachable
S [RTF_STATIC] Manually added
U [RTF_UP] Route usable
X [RTF_XRESOLVE] External daemon resolves name
============================= =============================================================================
----------------------
Logs
----------------------
Route related logging, like :code:`radvd` and :code:`rtsold` for IPv6 write messages to this logging section
which can be used for debugging purposes.
Reference in New Issue View Git Blame Copy Permalink