Forward /29 through gre tunnel and allocate public ips on hosts.

s_serra

Traceroute is working strangely. Ping does not work.

Curl to ifconfig.me to check external ip doesn't work either.

root@teste:~# traceroute 185.83.212.22
traceroute to 185.83.212.22 (185.83.212.22), 30 hops max, 60 byte packets
 1  10.0.2.2 (10.0.2.2)  8.143 ms  8.094 ms  8.068 ms
 2  gw-141.i4w.pt (185.113.141.1)  8.473 ms  8.448 ms  8.424 ms
 3  NOS.AS2860.gigapix.pt (193.136.251.4)  9.113 ms  9.088 ms  9.173 ms
 4  * * *
 5  * * *
 6  pt1.cr1.as44222.net (185.83.212.11)  13.342 ms  13.255 ms  13.206 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@teste:~# ping 185.83.212.22
PING 185.83.212.22 (185.83.212.22) 56(84) bytes of data.
^C
--- 185.83.212.22 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8171ms

stephenw10

What about if you traceroute with ICMP?:

traceroute -I 185.83.212.22

That completes for me here.

s_serra

@stephenw10

It's very strange, sometimes my pc's ping to 185.113.143.50 works, other times it doesn't, without touching anything.

root@teste:~# traceroute -I 185.83.212.22
traceroute to 185.83.212.22 (185.83.212.22), 30 hops max, 60 byte packets
 1  10.0.2.2 (10.0.2.2)  8.193 ms  8.163 ms  8.156 ms
 2  gw-141.i4w.pt (185.113.141.1)  8.433 ms  8.427 ms  8.424 ms
 3  NOS.AS2860.gigapix.pt (193.136.251.4)  9.332 ms  9.376 ms  9.587 ms
 4  10.255.184.110 (10.255.184.110)  13.387 ms  13.381 ms  13.407 ms
 5  * * *
 6  pt1.cr1.as44222.net (185.83.212.11)  13.336 ms  13.000 ms  12.967 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@teste:~#

stephenw10

And still nothing shown in the firewall logs as blocked on either pfSense install?

s_serra

@stephenw10

in the local pfsense no, in the remote the firewall is disabled.

stephenw10

Hmm, well I see nothing in pfSense that would be causing a problem here and you say nothing changed there.

I can't ping 185.113.143.50 from here:

PING 185.113.143.50 (185.113.143.50) 56(84) bytes of data.
From 194.38.148.182 icmp_seq=1 Destination Host Unreachable

But I don't know if I should be able to.

If you can't ping into the routed subnet either that looks more like some routing issue. But it doesn't look like it's in pfSense because it can traceroute to something at least as far as the ISP.

Steve

s_serra

@stephenw10

The ip 185.113.143.49 is the ip of the vlan interface of the local pfsense and I think it's always working fine (the icmp is active you can ping it). The rest of the vms that have 185.113.143.49 as a gateway don't work well sometimes it works sometimes it doesn't.

stephenw10

Doesn't work from here:

PING 185.113.143.49 (185.113.143.49) 56(84) bytes of data.
From 194.38.148.182 icmp_seq=1 Destination Host Unreachable
From 194.38.148.182 icmp_seq=2 Destination Host Unreachable

Something filtering the source upstream?

tedquade

@stephenw10 works from my location:

C:\Users\Ted>ping 185.113.143.49

Pinging 185.113.143.49 with 32 bytes of data:
Reply from 185.113.143.49: bytes=32 time=215ms TTL=48
Reply from 185.113.143.49: bytes=32 time=209ms TTL=48
Reply from 185.113.143.49: bytes=32 time=215ms TTL=48
Reply from 185.113.143.49: bytes=32 time=225ms TTL=48

Ping statistics for 185.113.143.49:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 209ms, Maximum = 225ms, Average = 216ms

C:\Users\Ted>

stephenw10

Mmm, still failing here so it looks like something rejecting it for some sources.

Does your route go through 194.38.148.182?

tedquade

@stephenw10 It does not.

I attempted to post the complete traceroute but it was flagged as spam.

Ted

stephenw10

Mmm, this appears to be something in the route. I don't believe this is anything to do with either pfSense box.

s_serra

It's very strange if it's something out of the two pfsense I don't have access to their network and I can't do anything. I already sent a message to my isp and they say that on their side everything is fine. I use https://lg.as44222.net/ to test the ping as they are linked to the same ixp . It could probably be a routing conflict on their side or the ddos protection they have that is causing these problems. Thank you for your help.

s_serra

I was in contact with my ISP and we managed to solve the problem by changing the ip 185.113.141.145 to the ip 185.113.143.xx inside the /24 of my /28. Thank you for help.