Routing to wrong interface
-
https://docs.netgate.com/pfsense/en/latest/book/multiwan/index.html
-
Thanks for the quick reply; not quite sure what multi-wan has to do with this. I'm trying to get to a server on another subnet, not trying to use TEMP_LINK as a WAN link.
-
Are you policy routing on the LANs? Setting gateways on rules there?
-
No
-
You're right. That doesn't make sense. It looks like you have policy routing enabled.
Post your LAN rules.
-
What is the address of the client on the LAN you are trying to ping from?
NMI just tried this via the GUI and the only thing I saw was that I saw no packet captures to my interface but only pings through it.
I have a very similar /30 between two routers.
Does this happen to you when you use the GUI? I'll try via command line in a bit.
-
Pinging from 172.18.1.48
-
Pinging from the GUI works, if I select the source interface or automatic.
-
Once I get this working, I plan to change it to a /31, not really necessary, just want to; does pfSense support /31? I see it as an option.
-
I figured it out! Somewhere along the way, things weren't working and I created a gateway for 192.168.10.252. Once I removed it, it started working; it was somewhat related to Multi-WAN. Thanks for the help.
-
I cannot reproduce this via command line either.
Edit: Glad you found it.
-
While it is working now, it got me thinking: there still seems to be a problem with the Multi-WAN routing. I know I am just a user, but it seems you should be able to get to your secondary WAN device without having to disable your primary WAN link. There may be an architecture reason this will not work. Using my example above, shouldn't the routing logic know this is a "connected" network and send the packets to the igb3 interface before it decides to send it out the current "WAN"?
-
You can get to any network that is connected to pfSense as long as the firewall rules allow it. You can get to any network that is downstream via these networks as long as you set up a gateway and routes.
I have no idea what you did with your gateway setup, but you sure do not need to disable your WAN to use a secondary path, etc.
Keep in mind there is a difference between creating a simple routing path via a gateway and routes, and putting a gateway on an interface that makes a "wan" to pfSense, which pfSense would by default NAT to, etc. And now you would have to take into account your outbound NAT settings.
Also, policy routing comes into play if you set a gateway on a firewall rule, etc.
-
Sounds like I need to create a separate rule on the LAN interface to use the specific gateway on igb3 instead of the Gateway group. I tried to add a route to 192.168.10.252 but, of course, pfSense would not let me, since it was connected. I will test when I get home and report back.
-
@CyberTiVo said in Routing to wrong interface:
Once I get this working, I plan to change it to a /31, not really necessary, just want to; does pfSense support /31? I see it as an option.
BTW /31 makes no sense to me. /32 is host. /30 is 2 usable addresses. You can't use /31 without some point-to-point black magic in the UI IMHO.
Edit: Actually it's selectable. Don't know if your peer supports it though or if it works at all. Was never needed actually ;)
-
Yes, pfSense supports /31.
-
Don't really see the point though. Not like you're short on IP space to use for your transit networks ;)
-
It would make sense in something like a colo or metro-e environment. Or anywhere where RFC1918 is the exception, not the rule. Which should be everywhere, actually.