2.1: Default gateway on wrong interface
-
I have upgraded from 2.0.3 to 2.1 and packets were not routing out of the network.
On some further investigation, it appears that although the default GW is set to my WAN interface, when viewing netstat the default route was set to go out of my LAN interface.
I have manually updated it with:
route change default 80.175.54.33 -ifp em1
which resolved the problem but if I reboot pfsense or anything it is reverting back to the LAN interface (em0). Is this a bug in 2.1?
-
I haven't seen that exact problem before. Do you have a gateway defined on LAN? Is there actually a gateway on the LAN side?
Steve
-
Why not use the WebConfigurator to change the default GW to Wan? Should be sticky then.
-
It already appears to have been set to WAN, that's the worrying part.
Steve
-
Check your config.xml, I'll wager you have a duplicate gateway entry (two or more with the same name) and one of them is set to default yet not showing in the GUI.
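
An added example, not part of the original post and not pfSense code: one way to run the check suggested above against a saved copy of config.xml. The `<interfaces>` wrapper, the sample values, the function name and the rule that a present `<defaultgw>` element marks the default are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a pfSense-style config.xml fragment with a duplicated
# gateway name, the situation the reply above suspects. Values are made up.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em1</if><gateway>WANGW</gateway></wan>
    <lan><if>em0</if></lan>
  </interfaces>
  <gateways>
    <gateway_item>
      <interface>wan</interface><gateway>192.0.2.1</gateway>
      <name>WANGW</name><defaultgw></defaultgw>
    </gateway_item>
    <gateway_item>
      <interface>lan</interface><gateway>192.0.2.1</gateway>
      <name>WANGW</name><defaultgw></defaultgw>
    </gateway_item>
  </gateways>
</pfsense>"""


def audit_gateways(config_xml):
    """Return a list of findings about the <gateways> section."""
    root = ET.fromstring(config_xml)
    items = root.findall("./gateways/gateway_item")
    findings = []

    names = Counter(i.findtext("name", "") for i in items)
    for name, count in sorted(names.items()):
        if count > 1:
            findings.append(f"duplicate gateway name {name!r} ({count} entries)")

    # Assumption: an entry is the default when a <defaultgw> element is
    # present, whatever its content (it is empty in the sample).
    defaults = [i for i in items if i.find("defaultgw") is not None]
    if len(defaults) > 1:
        where = ", ".join(f"{d.findtext('name')}@{d.findtext('interface')}" for d in defaults)
        findings.append(f"{len(defaults)} entries flagged default: {where}")

    # Each interface's <gateway> reference should match an entry on that interface.
    for iface in root.findall("./interfaces/*"):
        ref = iface.findtext("gateway")
        if ref and not any(i.findtext("name") == ref and i.findtext("interface") == iface.tag for i in items):
            findings.append(f"{iface.tag} references {ref!r} but no such gateway on {iface.tag}")
    return findings
```
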
-
Thanks for the replies guys :)
There is no gateway configured on the LAN, and as mentioned the defaultGW is already configured to the WAN interface - that is the worrying part :)
Just checked the config.xml, there only appears to be one gateway set:
<gateways>
  <gateway_item>
    <interface>wan</interface>
    <gateway>80.175.54.33</gateway>
    <name>WANGW</name>
    <weight>1</weight>
    <ipprotocol>inet</ipprotocol>
    <interval/>
    <descr/>
    <defaultgw/>
  </gateway_item>
</gateways>
Guessing that is the right section?
Just to add as I am in the file, this is the WAN interface config:
<wan>
  <enable/>
  <if>em1</if>
  <blockpriv/>
  <blockbogons/>
  <spoofmac/>
  <ipaddr>80.175.54.34</ipaddr>
  <subnet>28</subnet>
  <gateway>WANGW</gateway>
</wan>
My routes from netstat:
0.0.0.0&0x50af3422  80.175.54.33  UGS   0        0  em0 =>
default             80.175.54.33  UGS   0  3689744  em1
80.175.54.32/28     link#2        U     0    73082  em1
80.175.54.34        link#2        UHS   0        0  lo0
80.175.54.35        link#2        UHS   0        0  lo0
80.175.54.36        link#2        UHS   0        0  lo0
80.175.54.37        link#2        UHS   0        0  lo0
80.175.54.38        link#2        UHS   0        0  lo0
80.175.54.39        link#1        UHS   0        0  lo0
80.175.54.40        link#2        UHS   0        0  lo0
80.175.54.41        link#2        UHS   0        0  lo0
80.175.54.42        link#2        UHS   0        0  lo0
80.175.54.43        link#2        UHS   0        0  lo0
80.175.54.44        link#2        UHS   0        0  lo0
80.175.54.45        link#2        UHS   0        0  lo0
80.175.54.46        link#2        UHS   0        0  lo0
89.145.202.114      80.175.54.33  UGHS  0    43457  em0
127.0.0.1           link#7        UH    0     2521  lo0
176.35.234.97       80.175.54.33  UGHS  0  3305222  em0
192.168.1.0/24      link#1        U     0  5323347  em0
192.168.1.1         link#1        UHS   0        0  lo0
My routes prior to manually adjusting the default:
default             80.175.54.33  UGS   0  3689744  em0
80.175.54.32/28     link#2        U     0    73082  em1
80.175.54.34        link#2        UHS   0        0  lo0
80.175.54.35        link#2        UHS   0        0  lo0
80.175.54.36        link#2        UHS   0        0  lo0
80.175.54.37        link#2        UHS   0        0  lo0
80.175.54.38        link#2        UHS   0        0  lo0
80.175.54.39        link#1        UHS   0        0  lo0
80.175.54.40        link#2        UHS   0        0  lo0
80.175.54.41        link#2        UHS   0        0  lo0
80.175.54.42        link#2        UHS   0        0  lo0
80.175.54.43        link#2        UHS   0        0  lo0
80.175.54.44        link#2        UHS   0        0  lo0
80.175.54.45        link#2        UHS   0        0  lo0
80.175.54.46        link#2        UHS   0        0  lo0
89.145.202.114      80.175.54.33  UGHS  0    43457  em0
127.0.0.1           link#7        UH    0     2521  lo0
176.35.234.97       80.175.54.33  UGHS  0  3305222  em0
192.168.1.0/24      link#1        U     0  5323347  em0
192.168.1.1         link#1        UHS   0        0  lo0
And finally just for sanity and in case it helps here is an ifconfig:
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:50:56:b1:99:ca
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::250:56ff:feb1:99ca%em0 prefixlen 64 scopeid 0x1
    inet 80.175.54.39 netmask 0xfffffff0 broadcast 80.175.54.47
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:50:56:b1:3b:00
    inet 80.175.54.34 netmask 0xfffffff0 broadcast 80.175.54.47
    inet6 fe80::250:56ff:feb1:3b00%em1 prefixlen 64 scopeid 0x2
    inet 80.175.54.35 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.36 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.37 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.38 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.43 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.44 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.45 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.46 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.42 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.40 netmask 0xfffffff0 broadcast 80.175.54.47
    inet 80.175.54.41 netmask 0xfffffff0 broadcast 80.175.54.47
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
-
What is 80.175.54.33 (the WAN gateway?) and how come you seem to have routes to it via two interfaces? :-
You seem to have routes to some other addresses that are via the above gateway on em0 even after you've switched the default over. Is that just a hangover from the previous situation? Hmm.
Steve
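
An added example, not part of the original post: a check over `netstat -rn` rows for the condition noted above, gateway routes that leave through an interface not directly connected to the gateway. The six-column layout, the sample rows and the function names are assumptions.

```python
import ipaddress

# Constructed `netstat -rn` rows (Destination Gateway Flags Refs Use Netif),
# shaped like the tables posted in this thread; documentation addresses only.
SAMPLE_ROUTES = """\
0.0.0.0&0xc0000201  192.0.2.1  UGS   0        0  em0 =>
default             192.0.2.1  UGS   0  3689744  em0
192.0.2.0/28        link#2     U     0    73082  em1
192.0.2.2           link#2     UHS   0        0  lo0
198.51.100.114      192.0.2.1  UGHS  0    43457  em0
10.0.0.0/24         link#1     U     0  5323347  em0
"""


def parse_routes(text):
    """Return (destination, gateway, flags, netif) for each well-formed row."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if cols and cols[-1] == "=>":  # trailing marker, as on one row in the thread
            cols.pop()
        if len(cols) >= 6:
            rows.append((cols[0], cols[1], cols[2], cols[5]))
    return rows


def misrouted(text):
    """Return (dest, gateway, netif, expected_netif) for every gateway route
    that leaves through an interface other than the one whose directly
    connected network contains the gateway address."""
    rows = parse_routes(text)
    connected = [(ipaddress.ip_network(dest, strict=False), netif)
                 for dest, _gw, flags, netif in rows
                 if "G" not in flags and "/" in dest]
    findings = []
    for dest, gw, flags, netif in rows:
        if "G" not in flags:
            continue
        try:
            gw_ip = ipaddress.ip_address(gw)
        except ValueError:  # link#N or other non-address gateway
            continue
        expected = [nif for net, nif in connected if gw_ip in net]
        if expected and netif not in expected:
            findings.append((dest, gw, netif, expected[0]))
    return findings
```
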
-
80.175.54.33 is a Cisco router, not part of our kit though. It's the ISP's kit in the data centre.
Good spot, I never noticed those routes and certainly never added them. I haven't added any static routes onto here. I have cleared them off and am going to try a reboot. Fingers crossed!
-
Since you only have one gateway this shouldn't make any difference but do you have 'Allow default gateway switching' enabled in System: Advanced: Miscellaneous: ?
Steve
-
Check your DNS settings also (System > General) and make sure you don't have something there tied to the LAN interface