Netgate Discussion Forum

    LAN Routes just disappear

    Routing and Multi WAN
    3 Posts 3 Posters 580 Views
    • Milan M

      Hello everyone,

      I have a question on disappearing LAN routes.

      Our network has five LANs:

      1. interface LAN is defined as 172.20.20.0/24 (created during general setup)

      2. OpenVPN LAN is defined as 192.168.72.0/24 (created during OpenVPN setup)

      3. 192.168.60.0/24 (CRM network)

      4. 192.168.69.0/24 (Servers network)

      5. 192.100.100.0/24 (internal infrastructure LAN)

      LANs 3-5 have been created by going to "Firewall -> Rules -> LAN" and creating the rules there.
      We only have one gateway (default GW), and all LANs happily routed to the internet without any issues.

      Here is the pic of the setup:

      [Image: 41acb6be-2297-489d-b314-598dcd290df2-image.png]

      Then two days ago, the routes for LANs 3-5 just disappeared from routes. Going to "Diagnostics -> Routes" only showed the WAN and first two LANs (interface LAN and OpenVPN LAN).

      It's like the manually created LANs were second class citizens.

      The only warning we got that something was wrong was that the upload into a server behind pfSense was very, very slow. So we started looking at the pfSense appliance... when we lost our connection to the server, we tried to open a new one and failed. We opened the routing page in diagnostics and saw that routes for LANs 3-5 are gone, so no connection could be made from the outside world to them.

      It also looked like pfSense was gradually being overwhelmed by something, but the number of states, CPU load and memory consumption were all within normal. Also, there were 0 packet collisions and 0 errors on either interface. Totally weird.

      Does anyone have any theories as to how the routes disappear?
      Maybe some sudden load on the appliance?
      If so, why would it just drop these "manual" LANs and not the other ones?
      How would one go about debugging this?

      What we did was we restarted the appliance (thank god WAN was responsive at least) and everything started working again.

      Much appreciate all the replies!

      • Derelict LAYER 8 Netgate

        Not sure what you're doing.

        Firewall rules have nothing whatsoever to do with establishing routes in the routing table.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • johnpoz LAYER 8 Global Moderator

          @Milan-M said in LAN Routes just disappear:

          LANs 3-5 have been created by going to "Firewall -> Rules -> LAN" and creating the rules there.

          That is not how you create anything.. Creating other lan would be done via interface assignments, be it a physical interface or a vlan you assign.

          If you have other networks that are downstream that you want to get to via some other downstream router, then you would need to create a gateway in routing, and then the route(s) telling the networks that are available via that gateway.

          Yes you would need to create rules to allow them access.. But that is not what "creates" them or routes to them.

          Btw your rule there for "lan" isn't going to do anything - the source is set for the lan address, not the network.. So that says hey pfsense if you see traffic from your own lan address allow it ) Never going to work that way..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
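
A way to check what the replies describe, as an added example that is not part of the original thread or of pfSense itself: the script parses routing-table text in the format of `netstat -rn -f inet` and reports, for each of the five subnets named in the first post, whether a connected or static route covers it or whether only the default route does. The sample table, interface names and the WAN addresses are constructed; only the five LAN subnets come from the thread.

```python
import ipaddress

# Constructed sample in the format of `netstat -rn -f inet` on pfSense/FreeBSD.
# Only the five LAN subnets come from the thread; the rest is made up.
SAMPLE_ROUTES = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
172.20.20.0/24     link#2             U          igb1
172.20.20.1        link#2             UHS         lo0
192.168.72.0/24    192.168.72.2       UGS      ovpns1
203.0.113.0/24     link#1             U          igb0
"""
EXPECTED_LANS = ["172.20.20.0/24", "192.168.72.0/24", "192.168.60.0/24",
                 "192.168.69.0/24", "192.100.100.0/24"]

def parse_routes(text):
    """Return (network, netif) pairs from netstat-style routing output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            routes.append((ipaddress.ip_network(dest, strict=False), fields[3]))
        except ValueError:
            continue  # skip lines that are not IP route entries
    return routes

def audit(text, expected):
    """Classify each expected subnet by the most specific route covering it."""
    routes = parse_routes(text)
    report = {}
    for cidr in expected:
        net = ipaddress.ip_network(cidr)
        covering = [r for r in routes
                    if r[0].version == net.version and net.subnet_of(r[0])]
        if not covering:
            report[cidr] = "no route"
            continue
        best = max(covering, key=lambda r: r[0].prefixlen)
        kind = "default route only" if best[0].prefixlen == 0 else "specific route"
        report[cidr] = f"{kind} via {best[1]}"
    return report

if __name__ == "__main__":
    for cidr, status in audit(SAMPLE_ROUTES, EXPECTED_LANS).items():
        print(f"{cidr:18} {status}")
```

A subnet reported as "default route only" has no interface assignment or static route behind it, whatever firewall rules mention it.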

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.