Inter-VLAN routing goes out WAN?
-
I have several VLANs set up, and everything was working perfectly until I rebooted the systems (to move them to a new UPS). Now, the VLANs cannot reach each other (where they could before).
For example, the pfSense box is 10.0.10.1 and 10.0.20.1. My workstation is 10.0.10.10 on VLAN 10. The FreePBX server is 10.0.20.2 on VLAN 20.
The workstation and FreePBX server both pulled IPs from the DHCP server as expected.
From pfSense I can ping both IPs as expected. The route tables look correct:
But pinging from FreePBX to the workstation returns:
[root@phones ~]# ping 10.0.10.10
PING 10.0.10.10 (10.0.10.10) 56(84) bytes of data.
From 74.42.151.81 icmp_seq=1 Destination Net Unreachable
Pinging from the workstation to FreePBX returns:
[~] ⇛ ping 10.0.20.2
PING 10.0.20.2 (10.0.20.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
36 bytes from ae2---0.car01.mond.mn.frontiernet.net (74.42.151.81): Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 50bf   0 0000  3e  01 f9de 10.0.10.10  10.0.20.2
Traceroutes (in either direction) show:
[~] ⇛ traceroute 10.0.20.2
traceroute to 10.0.20.2 (10.0.20.2), 64 hops max, 52 byte packets
 1  static-74-42-XXX-XXX.dsl1.mond.mn.frontiernet.net (74.42.XXX.XXX)  0.693 ms  0.496 ms  0.451 ms
 2  adr01.mond.mn.frontiernet.net (74.42.148.222)  5.796 ms  5.443 ms  5.740 ms
 3  ae2---0.car01.mond.mn.frontiernet.net (74.42.151.81)  5.434 ms !N  5.347 ms !N  5.437 ms !N
If it were just a timeout, or "Destination Net Unreachable", I'd assume my firewall rules were broken, but since pings are redirected outside the LAN I think it might be something else. The 74.42.151.81 address is on the same /16 as my IP, but it's not anything I'm familiar with.
Any thoughts?
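The "Vr HL TOS Len ..." line in the macOS ping output above is the IP header of the rejected packet, quoted back inside the ICMP Destination Unreachable. Decoding it is the quickest way to confirm the poster's suspicion: the packet that the ISP router rejected has a private source and a private destination, so it must have been forwarded out the WAN rather than routed between the VLANs. The following decoder is an added example, not code from the original post; it takes the header line and reporting router from the post, and the hop-count inference assumes the macOS default initial TTL of 64.

```python
import ipaddress

# Column order of the header line macOS/BSD ping prints after an ICMP error.
FIELDS = ("Vr", "HL", "TOS", "Len", "ID", "Flg", "off",
          "TTL", "Pro", "cks", "Src", "Dst")
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# The quoted header and reporting router from the ping output in the post.
# ping prints every numeric column in hexadecimal; the addresses are dotted quads.
QUOTED = "4 5 00 5400 50bf 0 0000 3e 01 f9de 10.0.10.10 10.0.20.2"
REPORTER = "74.42.151.81"   # router that sent the Destination Net Unreachable


def parse_quoted_header(line):
    """Split one 'Vr HL TOS ... Src Dst' line into a dict of decoded fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    hdr = {}
    for name, tok in zip(FIELDS, parts):
        hdr[name] = tok if name in ("Src", "Dst") else int(tok, 16)
    hdr["HL_bytes"] = hdr["HL"] * 4                  # IHL is in 32-bit words
    hdr["Pro_name"] = PROTO_NAMES.get(hdr["Pro"], str(hdr["Pro"]))
    return hdr


def diagnose(hdr, reporter, initial_ttl=64):
    """Work out what the quoted header says about where the packet went.

    Returns whether the rejected packet had a private destination, whether the
    router that rejected it is a public address (i.e. the packet left the site),
    and how many routers decremented the TTL before that router saw it. The hop
    count assumes the sender's initial TTL (64 on macOS).
    """
    src = ipaddress.ip_address(hdr["Src"])
    dst = ipaddress.ip_address(hdr["Dst"])
    rep = ipaddress.ip_address(reporter)
    return {
        "private_dst": dst.is_private,
        "reporter_is_public": rep.is_global,
        "left_lan": dst.is_private and rep.is_global,
        "routers_before_reporter": initial_ttl - hdr["TTL"],
        "flow": "%s -> %s (%s)" % (src, dst, hdr["Pro_name"]),
    }


def report(line=QUOTED, reporter=REPORTER):
    """Human-readable verdict for one quoted header."""
    hdr = parse_quoted_header(line)
    d = diagnose(hdr, reporter)
    msg = ["Rejected packet: %s, TTL %d" % (d["flow"], hdr["TTL"])]
    if d["left_lan"]:
        msg.append("Private destination rejected by public router %s: the packet "
                   "was forwarded out the WAN instead of being routed between "
                   "VLANs; %d routers handled it before that."
                   % (reporter, d["routers_before_reporter"]))
    else:
        msg.append("Rejection came from inside the site; check firewall rules "
                   "and the routing table.")
    return "\n".join(msg)


if __name__ == "__main__":
    print(report())
```

For the header in the post the decoder reports a 10.0.10.10 to 10.0.20.2 ICMP packet with TTL 0x3e = 62, i.e. two routers forwarded it before the third (74.42.151.81) rejected it, which lines up with the three hops in the traceroute. A firewall-rule block would have produced a timeout or an unreachable from pfSense's own address, not from an ISP router.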
-
And what are your rules on your LAN - are you forcing traffic out a gateway?
-
Found it!
I have two WAN connections, and the failover rules were misconfigured. Instead of keeping all local traffic, it was sending anything not in its own /24 out the DSL line. I fixed it by using an alias for my local VLANs instead of the incorrect "network" match.
All better now, thanks.
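The failure mode in the resolution above is worth seeing mechanically: pfSense writes its rules as pf "quick" rules, so the first matching rule decides, and a rule with a gateway set policy-routes (route-to) every packet it matches, bypassing the routing table that would otherwise deliver traffic to the other VLAN. The simulation below is an added example, not the poster's configuration or pfSense code; the alias name "LocalNets", the gateway group name "WAN_FAILOVER" and the 8.8.8.8 test destination are assumed for illustration. It evaluates the same three flows against a "VLAN net to any via failover gateway" ruleset and against the corrected one that uses an alias of all local VLANs.

```python
import ipaddress

# Constructed to mirror the thread: two VLANs on pfSense and a DSL WAN behind a
# failover gateway group. Alias and gateway names are assumed, not the poster's.
LOCAL_NETS = ["10.0.10.0/24", "10.0.20.0/24"]   # alias "LocalNets"
ANY = ["0.0.0.0/0"]
GW_FAILOVER = "WAN_FAILOVER"                     # gateway group with DSL as failover


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


class Rule:
    """One pass rule as pfSense generates it: 'quick', so first match wins.

    gateway=None means 'use the system routing table'; a gateway name means
    policy routing (pf route-to) to that gateway regardless of the routing table.
    dst_negate models the 'Invert match' checkbox on the destination.
    """
    def __init__(self, name, src, dst, gateway=None, dst_negate=False):
        self.name, self.gateway, self.dst_negate = name, gateway, dst_negate
        self.src, self.dst = _nets(src), _nets(dst)

    def matches(self, s, d):
        src_ok = any(s in n for n in self.src)
        in_dst = any(d in n for n in self.dst)
        return src_ok and (not in_dst if self.dst_negate else in_dst)


def egress(rules, src, dst):
    """Return where a packet leaves: a gateway name, 'ROUTE_TABLE', or 'DROP'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.matches(s, d):
            return r.gateway or "ROUTE_TABLE"
    return "DROP"            # pfSense default deny when nothing matches


# Before: each VLAN's "net -> any" rule carries the failover group as gateway.
# Inter-VLAN traffic matches it too, so it is route-to'd out the DSL line and
# the ISP answers with Destination Net Unreachable for the 10.x destination.
BROKEN = [
    Rule("VLAN10 net -> any", ["10.0.10.0/24"], ANY, gateway=GW_FAILOVER),
    Rule("VLAN20 net -> any", ["10.0.20.0/24"], ANY, gateway=GW_FAILOVER),
]

# After: a plain rule (no gateway) for destinations in the LocalNets alias sits
# first, and the policy-routed rule only matches destinations outside the alias.
# Either half alone is enough; together they survive later rule reordering.
FIXED = [
    Rule("VLAN10 net -> LocalNets", ["10.0.10.0/24"], LOCAL_NETS),
    Rule("VLAN10 net -> !LocalNets", ["10.0.10.0/24"], LOCAL_NETS,
         gateway=GW_FAILOVER, dst_negate=True),
    Rule("VLAN20 net -> LocalNets", ["10.0.20.0/24"], LOCAL_NETS),
    Rule("VLAN20 net -> !LocalNets", ["10.0.20.0/24"], LOCAL_NETS,
         gateway=GW_FAILOVER, dst_negate=True),
]

FLOWS = [
    ("10.0.10.10", "10.0.20.2"),   # workstation -> FreePBX (inter-VLAN)
    ("10.0.20.2", "10.0.10.10"),   # FreePBX -> workstation
    ("10.0.10.10", "8.8.8.8"),     # workstation -> Internet (assumed address)
]


def compare(flows=FLOWS):
    """Map each (src, dst) flow to (egress under BROKEN, egress under FIXED)."""
    return {f: (egress(BROKEN, *f), egress(FIXED, *f)) for f in flows}


if __name__ == "__main__":
    for (s, d), (before, after) in compare().items():
        print("%-11s -> %-11s  before: %-13s after: %s" % (s, d, before, after))
```

Running it shows both inter-VLAN flows leaving via WAN_FAILOVER under the broken rules and via the routing table under the fixed ones, while Internet-bound traffic is still policy-routed in both. The same trap applies to any destination pfSense is supposed to reach itself (VPN subnets, the firewall's own interfaces): keep every such network in the alias, or the next "net to any via gateway" rule sends it out the WAN again.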