Netgate Discussion Forum

    Can't reach anything outside from pfSense without adding static routes

    Routing and Multi WAN
    • L
      Lurick LAYER 8
      last edited by Lurick

      Recently I noticed that I couldn't reach anything from the CLI of the pfSense box aside from a few addresses (public DNS and a couple of other static entries) for IPv4, BUT I can ping anything for IPv6 from the pfSense box with no issues. Additionally, pfBlockerNG and Snort cannot update either because the pfSense box itself cannot seem to reach anything. I'm at a bit of a loss since I can't seem to find anything that would indicate what is wrong, or maybe I'm just not paying enough attention. This is the netstat output from the CLI:
      netstat -rWn
      Routing tables

      Internet:
      Destination        Gateway                     Flags   Use       Mtu     Netif   Expire
      default            x.y.z.1                     UGS     9027113   1500    ixl0
      x.y.z.0/22         link#3                      U       1         1500    ixl0
      x.y.z.1            [MAC of local interface]    UHS     177910    1500    ixl0
      127.0.0.1          link#8                      UH      2616838   16384   lo0
      192.168.2.0/24     link#4                      U       3604405   1500    ixl1
      192.168.2.1        link#4                      UHS     0         16384   lo0

      Internet6:
      Destination        Gateway                     Flags   Use       Mtu     Netif   Expire
      default            [link-local-addr]%ixl0      UGS     81536     1500    ixl0
      ::1                link#8                      UH      629209    16384   lo0

      If I create two IPv4 /1 static routes in pfSense, though, pointed at that same gateway IP address, then I can reach everything and pfblocker/snort/etc. all update fine without issue. When I check the gateway section it shows Online for the IPv4 and IPv6 gateways and I can ping the gateway IP address as well, but when I try to traceroute to anything like 8.8.8.8 it just dies and gets no response, so I'm at a bit of a loss there. If I tell ping to source specifically from the WAN IP address it works, and the same for the LAN, but if I don't specify anything then it just times out.

      Lastly, this ONLY impacts the pfSense box itself; nothing behind the pfSense router on the LAN side is impacted and can get out to the internet for IPv4 and IPv6 and is natted without issue (for IPv4).

      This was working fine a few days ago and I had only made a single firewall change since then, which I've now reverted and cleared the state table on. Additionally, I've tried rebooting the box several times as well, but to no avail.
      Software version: 22.05-RELEASE

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Lurick
        last edited by

        @lurick said in Can't reach anything outside from pfSense without adding static routes:

        default            x.y.z.1                     UGS     9027113   1500    ixl0
        x.y.z.0/22         link#3                      U       1         1500    ixl0
        x.y.z.1            [MAC of local interface]    UHS     177910    1500    ixl0

        So your gateway is the local interface? The xyz.1 you're showing? And you're seeing a MAC address in your routing table?


        • L
          Lurick LAYER 8 @johnpoz
          last edited by

          @johnpoz Yah, I was just about to post that I figured it out. Something must have gotten mucked up with the default gateway, which was pointing to the MAC address for some strange reason. I just deleted the gateway and added it back again and boom, working!

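A check for the condition found in this thread, as an added example that is not part of any post above: it reads `netstat -rWn` output and flags a default gateway whose own host route points at a link-layer (MAC) address. The addresses, the MAC and the function names are constructed for illustration, and treating such a route as suspect is an assumption drawn from the fix reported here.

```shell
#!/bin/sh
# Reads `netstat -rn` / `netstat -rWn` style output on stdin (IPv4 table only).
# Exit status: 0 = nothing flagged, 1 = suspect route found, 2 = no default route.
check_gw_route() {
    awk '
        # True when s looks like a MAC address (six hex groups joined by ":").
        function is_mac(s,   p, n, i) {
            n = split(s, p, ":")
            if (n != 6) return 0
            for (i = 1; i <= 6; i++)
                if (p[i] !~ /^[0-9a-fA-F][0-9a-fA-F]?$/) return 0
            return 1
        }
        /^Internet6:/ { v4 = 0 }
        /^Internet:/  { v4 = 1; next }
        !v4 || NF < 3 || $1 == "Destination" { next }
        $1 == "default" { gw = $2; next }
        { via[$1] = $2; flags[$1] = $3 }
        END {
            if (gw == "") { print "no IPv4 default route"; exit 2 }
            if ((gw in via) && is_mac(via[gw])) {
                printf "SUSPECT: host route %s -> %s (%s)\n", gw, via[gw], flags[gw]
                exit 1
            }
            print "ok: default via " gw
        }'
}

# Constructed sample shaped like the table in the first post
# (documentation addresses and a made-up MAC, not values from the thread).
sample_bad() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags   Use      Mtu    Netif Expire
default            198.51.100.1       UGS     9027113  1500   ixl0
198.51.100.0/24    link#3             U       1        1500   ixl0
198.51.100.1       00:53:00:aa:bb:cc  UHS     177910   1500   ixl0
192.168.2.0/24     link#4             U       3604405  1500   ixl1

Internet6:
Destination        Gateway            Flags   Use      Mtu    Netif Expire
default            fe80::1%ixl0       UGS     81536    1500   ixl0
EOF
}

# Same constructed table without the MAC-valued host route.
sample_ok() { sample_bad | grep -v '00:53:00'; }
```

On the firewall itself the function would be fed live output, for example `netstat -rWn | check_gw_route`.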
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.