Routing question - I am confused

hi everybody,

I have a question about routing traffic with two eth.

eth3 is the public ip where my pbx is reachable over the internet. eth4 is in a separate network where my clients over ipsec should connect to the server. reason for that: only the ip from the SIP trunk server shall communicate with my pbx (via firewall)

therefore I have these configs:

Generic Firewall Configuration

Generated by FreeePBX Firewall.

This file MAY BE CHANGED

DEVICE="eth3"
BOOTPROTO="static"
BROADCAST="22.22.152.231"
DNS1="8.8.8.8"
DNS2="22.22.152.225"
GATEWAY="22.22.152.225"
IPADDR="22.22.152.229"
NETMASK="255.255.255.248"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
ZONE=trusted

Generic Firewall Configuration

Generated by FreeePBX Firewall.

This file MAY BE CHANGED

DEVICE="eth4"
BOOTPROTO="static"
BROADCAST="10.253.0.255"
DNS1="10.253.0.254"
DNS2="8.8.8.8"
GATEWAY="10.253.0.254"
IPADDR="10.253.0.253"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
ZONE=trusted

Now with that config I can reach the internet and also all other networks which are connected over IPSEC… problem: my pbx is not reachable over the internet anymore because the routing is wrong: 0.0.0.0 10.253.0.254

I tried some things but I got confused and nothing really works the way I would like to have it. Is this a thing I have to put on freepbx with routes or something I have to put on my firewall (sophos?)

I really would appreciate any help from anyone here - thank you very much in advance, best regards, hubert

In general, when you have multiple paths to the internet from your PBX, you need to establish routes to force some IPs through one NIC, and some other through the other.

In your case, generally speaking, I think you have to force your PBX to use eth3 when communicating with the IP of your provider.

Probably when you configured IPSEC, the configuration forced all traffic through the IPSEC interface and that is why you are seeing this behaviour.

I have two interfaces on my PBX, eth0 which is used to communicate with my VoIP provider and eth1 connected to my LAN and used by the office phones to register to the PBX. Since that internal LAN also has access to Internet, I have forced the PBX to use eth0 to communicate with the IP of my provider.

hi arielgrin,

and how do I force freepbx to speak over the internet with my provider?

thanks hubert

Assuming you want to connect to your provider over eth3, this is the file you must create

1.- go to directory /etc/sysconfig/network-scripts

2.- create file route-eth3

3.- type this line on the file, adapting it to your needs:
X.X.X.X/32 via 22.22.152.225 dev eth3

Where X.X.X.X is the IP of the VoIP server of your provider, and 22.22.152.225 is your default gateway on eth3 according to your first post.

hi ariel,

thanks again,

I just solved the problem myself… I added: route add -net 10.52.0.0/16 10.253.0.254 eth4

It's working perfectly!

thanks again, regards, hubert

Great news! Just be sure that your route table is set to persist through reboots, otherwise you will lose that line if the server is restarted.
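Added example, not part of any post in this thread: a longest-prefix-match simulation of the PBX routing table, showing which interface each destination leaves through with the original default route, with the /32 host route from the `route-eth3` suggestion, and with the 10.52.0.0/16 route on eth4. The provider, caller and client addresses are constructed placeholders, and the third table assumes the default route points at the eth3 gateway once the IPsec network has its own route.

```python
import ipaddress

def lookup(table, dst):
    """Return (gateway, device) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]

# Directly connected networks, derived from IPADDR/NETMASK in the two ifcfg files.
CONNECTED = [
    ("22.22.152.224/29", None, "eth3"),
    ("10.253.0.0/24", None, "eth4"),
]

PROVIDER = "203.0.113.10"   # constructed placeholder for X.X.X.X (SIP trunk server)
CALLER = "198.51.100.7"     # constructed: any other host on the internet
CLIENT = "10.52.3.20"       # constructed: a client behind the IPsec tunnel

# 1. Original state: the only default route is via the eth4 gateway.
BROKEN = CONNECTED + [("0.0.0.0/0", "10.253.0.254", "eth4")]
# 2. Same table plus the /32 host route from the route-eth3 file.
HOST_ROUTE = BROKEN + [(PROVIDER + "/32", "22.22.152.225", "eth3")]
# 3. Assumption: default via eth3, only the IPsec network via eth4.
SPLIT = CONNECTED + [
    ("0.0.0.0/0", "22.22.152.225", "eth3"),
    ("10.52.0.0/16", "10.253.0.254", "eth4"),
]

def report(table):
    """Map each sample destination to the device its traffic leaves through."""
    return {dst: lookup(table, dst)[1] for dst in (PROVIDER, CALLER, CLIENT)}

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("host route", HOST_ROUTE), ("split", SPLIT)):
        print(name, report(table))
```

On the PBX itself, `ip route get <address>` answers the same question for the live table.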