Missing pfSense hop in my LAN?
-
This is my pfSense machine (2 WANs, 1 LAN):
*** Welcome to pfSense 2.3-BETA-pfSense (amd64) on pfSense-ThreepWood ***
 WAN (wan)       -> hme3       -> v4/DHCP4: 192.168.10.4/24
 LAN (lan)       -> hme0       -> v4: 192.168.8.1/24
 WAN2 (opt1)     -> hme2       -> v4/DHCP4: 192.168.1.35/24
On the LAN there is only a Buffalo WHR-HP-GN router:
IP Address            192.168.8.100
Subnet Mask           255.255.255.0
Default Gateway       192.168.8.1 (Via DHCP)
DNS1(Primary)         192.168.8.1 (Via DHCP)
Host Name             buffalo (Via DHCP)
Domain Name           localdomain (Via DHCP)
MTU Size              1500
DHCP Server Address   192.168.8.1
Lease Start Time      2016/01/10 12:10:36
Lease Period          2016/01/11 12:10:36
Wired Link            100Base-TX (Full-duplex)
MAC Address           00:24:A5:0E:A8:42
The internal (LAN again) side of this WHR-HP-GN:
IP Address    192.168.11.1
Subnet Mask   255.255.255.0
DHCP Server   Enabled
MAC Address   00:24:A5:0E:A8:42
And this is an Ubuntu machine inside my (final) LAN:
luis@Chomsky:~$ sudo ifconfig
eth0      Link encap:Ethernet  direcciónHW 00:23:54:7f:f2:4f
          Direc. inet:192.168.11.113  Difus.:192.168.11.255  Másc:255.255.255.0
          Dirección inet6: fe80::223:54ff:fe7f:f24f/64 Alcance:Enlace
          ACTIVO DIFUSIÓN FUNCIONANDO MULTICAST  MTU:1500  Métrica:1
          Paquetes RX:50109 errores:0 perdidos:0 overruns:0 frame:0
          Paquetes TX:44033 errores:0 perdidos:0 overruns:0 carrier:2
          colisiones:0 long.colaTX:1000
          Bytes RX:10956381 (10.9 MB)  TX bytes:3859693 (3.8 MB)
So, the path to, say, IP 8.8.8.8 should be:
192.168.11.113 --> Ubuntu computer
192.168.11.1 --> Buffalo WHR-HP-GN
192.168.8.1 --> pfSense machine
192.168.10(or 1).1 --> DSL Router
Outside world (operator)
But the results are:
luis@Chomsky:~$ sudo traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  Router- (192.168.11.1)  0.459 ms  0.390 ms  0.532 ms
 2  192.168.10.1 (192.168.10.1)  2.505 ms 192.168.1.1 (192.168.1.1)  2.544 ms 192.168.10.1 (192.168.10.1)  2.481 ms
 3  85.Red-80-58-67.staticIP.rima-tde.net (80.58.67.85)  47.383 ms 86.Red-80-58-67.staticIP.rima-tde.net (80.58.67.86)  48.388 ms 85.Red-80-58-67.staticIP.rima-tde.net (80.58.67.85)  48.159 ms
 4  * * *
… or (for the other gateway).
luis@Chomsky:~$ sudo traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  Router- (192.168.11.1)  0.339 ms  0.348 ms  0.501 ms
 2  192.168.1.1 (192.168.1.1)  2.104 ms 192.168.10.1 (192.168.10.1)  1.907 ms 192.168.1.1 (192.168.1.1)  2.465 ms
 3  86.Red-80-58-67.staticIP.rima-tde.net (80.58.67.86)
 4  * * *
Isn't the hop corresponding to the pfSense machine missing here? That is: 192.168.8.1?
-
Not 100% sure, but I think it's because you have 2 WANs, and you have a gateway group (probably) to load balance your traffic. pfSense becomes transparent in a traceroute at this point.
-
Not 100% sure, but I think it's because you have 2 WANs, and you have a gateway group (probably) to load balance your traffic. pfSense becomes transparent in a traceroute at this point.
Yes, route-to just passes things to the specified gateway and doesn't decrement the TTL, hence it doesn't show up in traceroute when traffic matches a rule specifying a gateway.
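A small simulation of the TTL behaviour described in the last reply, added here as an illustration (it is not code from the thread or from pfSense): each hop either decrements TTL or, like a rule using route-to as described above, forwards without decrementing, and the resulting hop list is compared with the known topology. The `Hop` class, the function names and the single-WAN path are assumptions; the addresses are the ones shown in the thread.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

@dataclass(frozen=True)
class Hop:
    name: str
    addr: str
    decrements_ttl: bool = True  # False: forwards without touching TTL

# Constructed path using the addresses from the thread (WAN1 branch only).
# Assumption: pfSense forwards via a route-to rule, as the last reply says.
PATH = [
    Hop("Buffalo WHR-HP-GN", "192.168.11.1"),
    Hop("pfSense (route-to)", "192.168.8.1", decrements_ttl=False),
    Hop("DSL router", "192.168.10.1"),
    Hop("ISP", "80.58.67.85"),
]

def probe(path: List[Hop], ttl: int) -> Optional[str]:
    """Address that reports TTL expiry for a probe sent with `ttl`, or None
    if the probe gets past every modelled hop."""
    for hop in path:
        if not hop.decrements_ttl:
            continue  # handed to the next gateway with TTL unchanged
        ttl -= 1
        if ttl == 0:
            return hop.addr  # this hop sends ICMP time-exceeded
    return None

def traceroute(path: List[Hop], max_hops: int = 30) -> List[str]:
    """Responding address per TTL, as traceroute would list them."""
    seen = []
    for ttl in range(1, max_hops + 1):
        addr = probe(path, ttl)
        if addr is None:
            break
        seen.append(addr)
    return seen

def invisible_hops(path: List[Hop]) -> List[str]:
    """Devices in the known topology that traceroute never reports."""
    reported = set(traceroute(path))
    return [h.addr for h in path if h.addr not in reported]

if __name__ == "__main__":
    print("observed :", traceroute(PATH))
    print("invisible:", invisible_hops(PATH))
    # Same path if pfSense routed normally instead of using route-to.
    normal = [replace(h, decrements_ttl=True) for h in PATH]
    print("normal   :", traceroute(normal))
```

When documenting a network, this is why a firewall doing policy routing has to be confirmed from its own configuration or interface addresses rather than inferred from traceroute output.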