Static Routes are not working

tofti

Hi guys,

i have a problem with static routing. I attached a jpeg with the neworks. I hope it contains everything that`s neccessary.
Additional info Firewall rule for Network IFNET is:
Protocol:  IPv4*
Source:    IFNET net
Port:        *
Destination: *
Port:        *
Gateway:  *
Queue:    *

The problem descritption:

PfSense itself (everything fine):

• can reach every Host in the Subnets 192.168.2.0, 192.168.3.0, 192.168.4.0
• can reach the Internet

Server A (everything fine):

• can reach every Host in the Subnets 192.168.2.0, 192.168.3.0, 192.168.4.0
• can reach the Internet

Laptops A to C (did not work properly):

• can reach the Internet
• can reach Server A (192.168.1.199)
• can not reach WAN Router (192.168.1.1)
• can not reach any Host in the Subnets 192.168.2.0, 192.168.3.0, 192.168.4.0

Traceroute from PfSense to Server A (192.168.1.2):
1  192.168.1.2  0.317 ms  0.121 ms  0.136 ms

Traceroute from PfSense to WAN Router (192.168.1.1):
1  192.168.1.1  0.824 ms *  0.524 ms

Traceroute from PfSense to Host 192.168.2.1 (Remote Nework):
1  192.168.1.1  0.824 ms  0.722 ms  0.732 ms
2  10.184.244.29  8.558 ms  9.376 ms  7.883 ms
3  10.201.209.221  14.112 ms  14.464 ms  14.107 ms
4  10.201.209.222  133.048 ms  69.412 ms  42.216 ms
5  192.168.2.1  41.287 ms  51.410 ms  47.158 ms

Traceroute from Laptop to Server A (192.168.1.2):
1    <1 ms    <1 ms    <1 ms  pfsense [192.168.1.199]
2    68 ms    <1 ms    <1 ms  192.168.1.2

Traceroute from Laptop to WAN Router (192.168.1.1):
1    <1 ms    <1 ms    <1 ms  pfsense [192.168.1.199]
2    *        *        *    timeout
3    *        *        *    timeout
4    *        *        *    timeout
never comes back

Traceroute from Laptop to Host 192.168.2.1 (Remote Nework):
1    36 ms    <1 ms    <1 ms  pfsense [192.168.1.199]
2    *        *        *    timeout
3    *        *        *    timeout
4    *        *        *    timeout
never comes back

I do not understand why the static routes are not working for the WAN Router and the Remote Network.
Perhaps somebody can it explain to me.

Cu
Thomas

tofti

Sorry,

I forgot to paste the Version of PfSense:

2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19

viragomann

I guess you're missing a route on the WAN router to IFNET. It should point to the IFWAN IP on pfSense.

tofti

Hi viragomann,

but why there is a route missing on the WAN router. (I can`t add a route on this router it is handled by the Internet Service Provider).

The DSL Router did not have a route and it works.

Cu

viragomann

The WAN router has also to know that IFNET is behind pfSense otherwise it directs packets destined for this subnet (here the ping responses) to its default gateway.

If adding a route to this router isn't an option you can solve it by an SNAT rule.

tofti

Hi viragomann,

thank your very much for your hint.

Adding a route to this router is not possible.

I have added a SNAT rule and now everything works like a charm.

Cu
Thomas