Static route added via route utility in pfSense shell is working but suddenly stopped working
-
Hi to everyone in this forum,
I'm having a problem with pfSense static route that was added via shell, i've used command:
"route add -net 202.60.9.71/32 192.168.1.246" (temporary)
This worked immediately, i'm able to access 202.60.9.71 after adding my static route.I also added this command to the "rc.conf" file of my pfSense:
(permanent)
This also worked, I've rebooted my pfSense server. Static is auto added. I'm able to access 202.60.9.71 after reboot of my pfSense.This setup is working fine for the last 4 days since my pfSense deployment.
But since yesterday, it stopped working. Below are the troubleshooting done:
-
My static route is present in routing table of my pfSense:
-
pfSense is able to ping 202.60.9.71(host) and 192.168.1.246(gw)
Also my computer connected to my pfSense is able to ping it as well:
-
Trace route 202.60.9.71 in my workstation, traffic to it is routed via pfSense WAN1, it suppose to be routed to 192.168.1.246.
(10.91.15.102 is network of my WAN1) -
Tried to del and add static route to 202.60.9.71, still the same.
-
Tried to reboot my pfSense but still the same.
-
Bypass firewall rules for traffic on the same interface is also enabled:
This is my brief network setup:
202.60.9.71 can be ping over the internet but access to it is only possible via 192.168.1.246(gw)
Please help!
Thank you in advance! -
-
Hi to everyone in this forum,
I've managed to resolved this issue. Resolution is to add a firewall rule for my LAN interface.
-
That doesn't make much sense or SHOUTS bad/asymetric routing. <LAN net> as source on the WAN interface should never ever happen.
-
I realized just now. I've posted the wrong picture. My screenshot suppose to show the LAN interface rule.
But then again, its kind wierd thst pfSense is working fine with my static route via route utility, then suddenly stopped working.
-
Via "route utility" means what exactly? You added a route via "route add" on the console/via SSH?
It's not strange that this stopped working. If you make changes that touch the routing table, it get's reloaded and if you didn't add the entry via the System/Routing WebUI those manual entries get purged.
-
@JeGr yes via SSH console. As far as I know it doesn't get purged. It stays there. The fact that I had it working for 4 days.
Adding this route via System/Routing is not possible. Only GW options listed there are the current GW only of pfSense. My static route is routed to other GW.
-
@limez17 said in Static route added via route utility in pfSense shell is working but suddenly stopped working:
@JeGr yes via SSH console. As far as I know it doesn't get purged. It stays there. The fact that I had it working for 4 days.
Doesn't mean it doesn't get overwritten if you make any change in the UI that somehow triggers a route/gateway specific reload.
Adding this route via System/Routing is not possible. Only GW options listed there are the current GW only of pfSense. My static route is routed to other GW.
Nonsense. Add your GW 192.168.1.246 on whatever interface that is on your Firewall (igb1?) to your gateway list, disable monitoring if that is a problem and add a static route. Just like the documentation says...
-
@JeGr said in Static route added via route utility in pfSense shell is working but suddenly stopped working:
Nonsense. Add your GW 192.168.1.246 on whatever interface that is on your Firewall (igb1?) to your gateway list, disable monitoring if that is a problem and add a static route. Just like the documentation says...
@JeGr I tried deleting, then added again my static route, still won't work.
Adding this other gateway as my gateway for my LAN1 is not possible. Should not set upstream GW for LAN right? -
@limez17 said in Static route added via route utility in pfSense shell is working but suddenly stopped working:
Adding this other gateway as my gateway for my LAN1 is not possible. Should not set upstream GW for LAN right?
Then you're doing something wrong. Post your screens from gateway and routes screens so we can see and help. I've configured countless setups that were not directly connected on the same LAN in the same way: added a manual route via console, got into the WebUI, added the gateway and static routes there, done. No disconnect any more.
And no you shouldn't set it as your LAN gateway. Just add it as another gateway and add a route via it on the static routes tab and it's done.
-
@JeGr how to add my other router as another gateway for my pfSense?
-
@JeGr here is my screens:
GW:
Route:
-
That is not the Routes Screen I was talking but the "static routes" tab on system/routing!
Also: I don't see your gateway 192.168.1.246 in the gateway screenshot.
-
@JeGr I don't have static routes under system/routing. I can't add my static route there.
How to add gateway my other router as gateway on my pfSense?
-
I was already telling you at least twice now
Select the Interface from which your remote LAN gateway has to be reached (I expect LAN! or otherwise you wouldn't add it there manually every...time...again) and add it. Then add your static route with THAT newly defined gateway.A gateway is a gateway. It hasn't to be on WAN if it's not an uplink.
-
@JeGr thank you for clarifying this. This really helped me. Done setting my gateway on LAN interface. It worked well ^_^
Thank you so much.
-
@JeGr route still won't work after adding static route! My static route via static/routing still need a rule on my LAN interface to destination 202.60.9.71 in order to access it.
-
Post your:
Interface rules
Gateway configuration
Static routeAnd describe exactly what source address cannot reach what destination address.
A network diagram would probably help you communicate your issue more effectively.
-
@Derelict
Interface rule:
Gateway configuration:
My LAN address is unable to reach 202.60.9.71 without the LAN rule, should be accessible without it since I have a static route for it.
I already posted my diagram before, but here it is:
