L3 Route not sending traffic along
Routing and Multi WAN
JuanVelox

I have a subnet OPT1 192.168.10.0/24 with a server (192.168.10.100) trying to contact an example IP 10.10.10.10/32.
The route for that exists on a secondary firewall provided by a vendor to their network.

I have a Transit VLAN 10.200.1.0/24 between my pfSense and their firewall with a layer 3 switch in between.
I have a static route defined under Routing -> Static Routes on pfSense to point 10.10.10.10/32 to the L3 switch, then the L3 switch points to the vendor firewall. The vendor firewall then points back to the L3 switch, and the L3 switch has a route back for 192.168.10.0/24 using pfSense.

A traceroute on the server doesn't show the traffic getting past the pfSense 192.168.10.1.
I have a similar route with an example IP of 20.20.20.20/32, and the traceroute shows routing properly with it going over the Transit VLAN to 10.200.1.11 (L3 switch) then to 10.200.1.15 (vendor firewall).

I see the route itself in the routing table, so I know it's applied, with flags UGHS.
I have an allow-all firewall rule on the outbound for the subnet as well.
I also have System -> Advanced -> "Bypass firewall rules for traffic on the same interface" checked.
Other than restarting the firewall, which I'd rather not do as it is in production, what troubleshooting actions should I take?

viragomann @JuanVelox

        @JuanVelox said in L3 Route not sending traffic along:

I have a Transit VLAN 10.200.1.0/24 between my pfSense and their firewall with a layer 3 switch in between.
I have a static route defined under Routing -> Static Routes on pfSense to point 10.10.10.10/32 to the L3 switch, then the L3 switch points to the vendor firewall. The vendor firewall then points back to the L3 switch, and the L3 switch has a route back for 192.168.10.0/24 using pfSense.

If both pfSense and the vendor firewall are within the same VLAN, there is no need to point the routes to the switch at all. Just point them to the other firewall.

JuanVelox @viragomann

@viragomann Regardless of pointing towards their firewall or the L3 switch, pfSense isn't routing the traffic from within the OPT1 subnet to either device.

viragomann @JuanVelox

            @JuanVelox
Did you state the gateway in the OPT1 interface settings? This should be set to 'none'.

Sniff the traffic to find out where the packets go.

JuanVelox @viragomann

@viragomann Gateway is set to none.
When sniffing packets, I see them come in but not come out of the firewall. They just terminate with "Time to live exceeded".
This firewall is set up in HA, and testing the route using the secondary firewall works fine.
I suspect it's a routing bug somehow caused on the primary firewall. I guess a restart will be required for further troubleshooting.

              Thanks for your help.

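A "Time to live exceeded" result in a capture means the packet is being forwarded round in a loop until its TTL runs out, not simply dropped. The following is an added example, not code from the thread: it walks a packet hop by hop through per-device routing tables built from the addresses in this thread (pfSense's own transit-VLAN address 10.200.1.1 is an assumption) and reports either the delivered path, as for 20.20.20.20, or the TTL-exhaustion loop that a constructed misrouted entry for 10.10.10.10/32 produces.

```python
import ipaddress

# Per-device routing tables built from the addresses named in this thread.
# Entry: (destination prefix, next hop); "local" means directly attached.
# pfSense's transit-VLAN address 10.200.1.1 is an assumption, not stated above.
TABLES = {
    "pfsense": [("192.168.10.0/24", "local"), ("10.200.1.0/24", "local"),
                ("10.10.10.10/32", "10.200.1.11"), ("20.20.20.20/32", "10.200.1.11")],
    "l3switch": [("10.200.1.0/24", "local"), ("192.168.10.0/24", "10.200.1.1"),
                 ("10.10.10.10/32", "10.200.1.15"), ("20.20.20.20/32", "10.200.1.15")],
    "vendorfw": [("10.200.1.0/24", "local"), ("10.10.10.10/32", "local"),
                 ("20.20.20.20/32", "local"), ("192.168.10.0/24", "10.200.1.11")],
}
# Which device owns which next-hop address (constructed to match TABLES).
OWNER = {"10.200.1.1": "pfsense", "10.200.1.11": "l3switch", "10.200.1.15": "vendorfw"}

def lookup(table, dst):
    """Longest-prefix match, as the kernel FIB does it; returns next hop or None."""
    addr, best_net, best_hop = ipaddress.ip_address(dst), None, None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop

def trace(tables, start, dst, ttl=64):
    """Forward one packet hop by hop, decrementing TTL at each forwarding device.
    Returns (status, path): 'delivered', 'no route', or 'ttl exceeded'
    (the symptom reported from the packet capture in the last post)."""
    device, path = start, [start]
    while True:
        hop = lookup(tables[device], dst)
        if hop is None or (hop != "local" and hop not in OWNER):
            return "no route", path
        if hop == "local":
            return "delivered", path
        ttl -= 1
        if ttl == 0:
            return "ttl exceeded", path
        device = OWNER[hop]
        path.append(device)

def with_loop(tables):
    """Constructed failure case: the switch sends 10.10.10.10/32 back to pfSense."""
    broken = {name: list(entries) for name, entries in tables.items()}
    broken["l3switch"] = [(p, "10.200.1.1" if p == "10.10.10.10/32" else h)
                          for p, h in broken["l3switch"]]
    return broken
```

Comparing the path for the working destination against the looping one shows why a capture on pfSense would see the same packet re-enter repeatedly until TTL expires; on a real box, compare `netstat -rn` on each hop rather than a constructed table.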