Default Gateway does not match router IP

[BigDave]

In the web GUI in Network Settings - Global Configuration tab
it shows IPv4 Default Gateway as 192.168.1.7
I have set the two NICs of the freenas box set to "static" (192.168.1.100 & 192.168.1.101)
in my router's DHCP connections settings.

Question: This does not seem to be having a performance impact, but should the GUI setting
(IPv4 Default Gateway) be changed to match the routers settings of either of the two IPs
(192.168.1.100 or 192.168.1.101)?

 

[pirateghost]

Your nas gateway should point to the router for it's gateway. That's the gateway to the internet.

Your dhcp server settings on your router should be set to point clients at the router for gateway.

What do you mean that you have 2 NICs set to static in your router?

#stayparanoid

 

[BigDave]

My router gives options for setting the lease type to: Dynamic or Static for each device on
my home network.

 

[pirateghost]

My router gives options for setting the lease type to: Dynamic or Static for each device on
my home network.

So it just tells the dhcp service in your router to hold the IP lease for those Mac addresses.

That should still rely on your dhcp service being setup correctly to hand out the appropriate info to clients.

All your control should come from your router then. Your router's dhcp server should be configured to hand out its own LAN address as the client gateways.

The best way to go about this is to give us a basic network diagram and info

#stayparanoid

 

[BigDave]

So it just tells the dhcp service in your router to hold the IP lease for those Mac addresses.

That should still rely on your dhcp service being setup correctly to hand out the appropriate info to clients.

All your control should come from your router then. Your router's dhcp server should be configured to hand out its own LAN address as the client gateways.

So your answer to my question is that the IP address in the Default route box (in the GUI) does not matter?

 

[pirateghost]

So your answer to my question is that the IP address in the Default route box (in the GUI) does not matter?

It should point to your router's internal IP address. Does it not? Can your freenas ping the internet?

Since you are using a dhcp reservation for your server you need to verify your router is handing out proper information

 

[BigDave]

Ok, I found this in the manual;

NOTE:
In many cases, a FreeNAS® configuration will deliberately exclude default gateway
information as a way to make it more difficult for a remote attacker to communicate with the server.
While this is a reasonable precaution, such a configuration does not restrict inbound traffic from
sources within the local network. However, omitting a default gateway will prevent the FreeNAS®
system from communicating with DNS servers, time servers, and mail servers that are located outside
of the local network. In this case, it is recommended that Static Routes be added in order to reach
external DNS, NTP, and mail servers which are configured with static IP addresses.

I have tested this out by removing the IP from this window and saving the config.
After blanking out that default gateway window, I can no longer ping the internet at all.

So, if I put in my router's internal IP of 192.168.1.1 in the default gateway window and save the config again,
I can once again ping the internet from the shell.
According to this NOTE above however (if I'm reading it right), having IP address in the default gateway box is a security risk.

If this is indeed a security risk, I would like to follow the recommendation of adding a Static Route
for my mail server. I have no idea how to get this done, can someone help?

 

[pirateghost]

Unless you are forwarding ports to your nas, you shouldn't be concerned with that...

#stayparanoid

 

[Rand]

You shouldnt run your FreeNas with two ips on the same network btw, there is a sticky on this very subforum;)

Unless you are just reserving this in your router and dont have two cables connected and interfaces set to DHCP which would be fine then o/c.

 

[cyberjock]

No, stop.

http://forums.freenas.org/index.php?threads/multiple-network-interfaces-on-a-single-subnet.20204/

Then realize what you are doing is unsupported, not recommended, and can cause all sorts of networking problems.

 

[BigDave]

I'll shut down and disconnect my 2nd network cable,
then reconfigure.
Thanks everyone:D

 

[BigDave]

Ok I took the CAT6 cable out of the second NIC port of the NAS box.
I still need the IPMI port hooked up though right?

 

[Ericloewe]

Ok I took the CAT6 cable out of the second NIC port of the NAS box.
I still need the IPMI port hooked up though right?

It's not an absolute need, but yes, that one stays. It's exclusive to IPMI.

 

[BigDave]

Thanks Eric:)