Static Routes being ignored?



  • Static Routes being ignored?

    Hey guys... first time on the forum here…
    I guess I am doing something pretty stupid somewhere, but I just can't figure out what. Maybe someone here can help me understand...

    I have this scenario where I must connect to a few private networks, each one on its own subnet.

    My problem now is outbound related, so I won't bother about inbound now.

    What is expected:
    From networks 192.168.0.0/24 and 192.168.5.0/24, reach every other network (ping, http, ssh, etc.).

    What is happening:

    Where the problem seems to be:
    P5 - Main Router

    So, given this scenario, here are a few configuration screens from P5:

    Routes

    Firewall Rules

    Rede0 = 192.168.0.0/24

    Rede5 = 192.168.5.0/24

    Rede10 = 192.168.10.0/24

    Besides that, this is what I got in the console from: netstat -rn -f inet
    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            192.168.10.1       UGS         0  1941419    em0
    10.0.0.0/8         192.168.10.11      UGS         0      173    em0
    125.255.24.14/32   192.168.10.11      UGS         0        0    em0
    127.0.0.1          link#7             UH          0      200    lo0
    172.22.44.55/32    192.168.10.10      UGS         0        6    em0
    172.30.250.132/30  192.168.10.10      UGS         0       10    em0
    189.23.87.97/32    192.168.10.11      UGS         0        0    em0
    192.168.0.0/24     link#3             U           0  1795277    em2
    192.168.0.1        link#3             UHS         0        0    lo0
    192.168.1.0/24     192.168.0.7        UGS         0 119281634    em2
    192.168.5.0/24     link#2             U           0 75373930    em1
    192.168.5.1        link#2             UHS         0        0    lo0
    192.168.10.0/24    link#1             U           0   217762    em0
    192.168.10.7       link#1             UHS         0        0    lo0

    Some tests on P5 console:

    TRACEROUTE - CORRECT

    traceroute to 8.8.8.8 (8.8.8.8), 1 hops max, 52 byte packets
    1  192.168.10.1 (192.168.10.1)  0.661 ms  0.360 ms  0.443 ms

    TRACEROUTE - WRONG!!!
    traceroute to 172.30.250.133 (172.30.250.133), 1 hops max, 52 byte packets
    1  192.168.10.1 (192.168.10.1)  1.073 ms  0.749 ms  1.080 ms

    traceroute to 10.0.0.1 (10.0.0.1), 1 hops max, 52 byte packets
    1  192.168.10.1 (192.168.10.1)  0.442 ms  0.318 ms  0.449 ms

    Pinging gateways..

    PING 192.168.10.10 (192.168.10.10): 56 data bytes
    64 bytes from 192.168.10.10: icmp_seq=0 ttl=64 time=1.255 ms
    64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.879 ms
    ^C
    --- 192.168.10.10 ping statistics ---
    2 packets transmitted, 2 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.879/1.067/1.255/0.188 ms

    PING 192.168.10.11 (192.168.10.11): 56 data bytes
    64 bytes from 192.168.10.11: icmp_seq=0 ttl=64 time=1.306 ms
    64 bytes from 192.168.10.11: icmp_seq=1 ttl=64 time=0.909 ms
    ^C
    --- 192.168.10.11 ping statistics ---
    2 packets transmitted, 2 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.909/1.107/1.306/0.199 ms



  • I added floating rules to do this, and it worked. My problem is solved and that's how it is going to be…

    BUT:

    Shouldn't it have worked the previous way?



  • Hi all.

    I am new to pfs. I am trying to block all ports and only allow the necessary ports that I need on our network, such as port 80, 443, pop3, smtp, etc. It's about the rules under Firewall. How does the sequence work with the floating rules? Is it read from top to bottom or bottom to top? Pls help.

    rikki

