0

I have a main and branch office. The branch office has a flaky internet connection and I'd like to let users in that office surf the internet using gateway (or proxy) in our main office.

I have a 192.168.3.x - 255.255.255.0 network in branch office with an astaro security gateway (router - firewall) at 192.168.3.254.

This astardo has 3 eth connections:

Internal (192.168.3.x) Wifi Bridge (192.168.255.x) Public (Internet - Flaky)

On the other end of Wifi bridge I have main office network: 10.0.0.x I can ping without problems from one network to the other and I successfully configured a squid transparent proxy in main office. I can surf the internet perfectly adding the correct proxy (10.0.0.254) in branch office browsers but I'd like to find a way that involves less administrative effort.

Any ideas?

I thought about getting rid of the proxy and set up a Zeroshell gateway but I have little experience about this kind of work so an idea from an expert would be lovely.

Pitto
  • 2,009
  • 10
  • 33
  • 49

2 Answers2

1

If you do not intend to use the flaky internet connection at the branch office, change the default route of the device servicing that 3.X network to be the same as the default route at your main office. This should send all traffic not local over the bridge and out your main office pipe. Keep in mind, you may also have to adjust things like DNS and DHCP to reflect new settings like DNS servers and whatnot.

That all being said, why not just FIX the flaky Internet connection, how is it flaky?

SpacemanSpiff
  • 8,753
  • 1
  • 24
  • 35
  • The connection is not really flaky is just VERY slow (512 kb) compared to the huge 100mb in the main office you can understand why I need to realize this kind of project :) I'd need more precise information about how to redirect traffic (using a static route?) on the astaro. I have a general idea but what I need is a solution. – Pitto Jun 03 '11 at 08:34
  • Well, something at the branch site must be "routing" that 3.X network right now, there is a device there and it has a default route such as 0.0.0.0/0 to your.isp.gateway.here. You would change this default route to the IP of your gateway on the other end. This device would have to know how to get to that network as well, and the answering device would have to know how to get back. – SpacemanSpiff Jun 03 '11 at 13:27
  • So I should enable natting from branch internal network to the internet connection in main office and add static routes here and there to ensure the communication, right? – Pitto Jun 03 '11 at 13:29
  • Yes, exactly. The device performing NAT needs a static route that tells it to use the bridge network to reach the 3.X network, and likewise at the other side whatever the default gateway is for the machines there needs to know that bridge network is how they reach the 10.X network, and that the default route is the NAT device on the 10.X network. – SpacemanSpiff Jun 03 '11 at 13:35
  • So just one last focus... I can't understand how this wifi bridge works. I just know that if I ping an ip on the other network I get a response and I can't find any kind of rules / routes / nat... Nothing. O_O So just adding a new default gateway on the branch office astaro could do the job? It should mean that (if set even if I can't tell where) if I can ping a pc packets should "find their way"? I'm sorry for being not accurate but I'm really new to this. – Pitto Jun 03 '11 at 13:49
  • why don't you do an IPCONFIG /all from a computer on both the 10.X network and the 3.X network, and I'll help you from there. – SpacemanSpiff Jun 03 '11 at 14:02
  • I didn't double check my implementation of your suggestion and, of course, I did enter wrong ips: works as a charm. Thanks! – Pitto Jun 08 '11 at 11:29
1

I was writing something very similar to @Spaceman. Make sure that the new static default route via the main office gets a better metric than the route via the flaky connection then it will be used as long as that link is available and the flaky route will come back into play if the link is lost.

blankabout
  • 1,014
  • 1
  • 9
  • 16