Static Route Not Working
-
I am trying to setup a Static Route but its not working. Am i doing this right?
My pfsense IP is 192.168.45.1
And i connected a Router to my LAN side with the IP 192.168.75.1
This is what i setup.
Under Gateway
Under Routes
Basically i want to be able to Ping my linksys with tomato (192.168.75.1) from pfsense (192.168.45.1)
-
Here is what I do not understand with openvpn clients and people with all their routing issues. I have had pfsense running as servers to openvpn clients for ages and I have never had to set up not one single special route ever and I can ping not only the pfsense router, but any of the many subnets running on it. Matter of fact the only way I've ever not not been able to hit every single network running on my pfsense is if I set up firewalls to specifically prevent it.
I think people are doing some basic thing wrong.
-
Hello,
I have the exact same issue:
My Internet GW (default gateway): 192.168.1.1
My pfsense (WAN interface): 192.168.1.3
My Local Network: (pfsense LAN interface: 10.55.2.254) 10.55.2.0/24I have no NAT because all NAT is on Internet GW (192.168.1.1)
I have another router for routing other LANs
Router: 192.168.1.2
Network behind this router: 172.16.0.0/16 (ip: 172.16.1.254)In pfsense, i have configured:
2 gateways:
WANGW (Default GW) -> Inerface WAN -> GW 192.168.1.1
ROUTERGW -> Inerface WAN -> GW 192.168.1.21 static route:
172.16.0.0/16 -> GW: ROUTERGWNo Outbounf NAT, No 1:1 NAT, no Port Forwarding
FW Rules (no gateway specifies, so no PBR):
WAN:
Any accept (Accept * * * * * * no queue)
LAN:
Any accept (Accept * * * * * * no queue)Routing table:
netstat -rn
Routing tablesInternet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGS 0 26495 vmx3f1
10.55.2.0/24 link#2 U 0 133740 vmx3f0
10.55.2.254 link#2 UHS 0 4 lo0
127.0.0.1 link#5 UH 0 66 lo0
172.16.0.0/16 192.168.1.2 UGS 0 662 vmx3f1
192.168.1.0/24 link#3 U 0 393896 vmx3f1
192.168.1.3 link#3 UHS 0 0 lo0=> Seem to be OK
I have a computer with IP 172.16.1.40
Ping from 172.16.1.40 to 192.168.1.1 => OK
Ping from 172.16.1.40 to 192.168.1.2 => OK
Ping from 172.16.1.40 to 192.168.1.3 => KOPing from pfsense 192.168.1.3 to 192.168.1.1 => OK
Ping from pfsense 192.168.1.3 to 192.168.1.2 => OK
Ping from pfsense 192.168.1.3 to 172.16.1.40 => KONow, from 172.16.1.40: ping -t 192.168.1.3
For tcpdump:On the pfsense (interface vmw3f1 is 192.168.1.3):
tcpdump -ni vmx3f1 icmp and host 172.16.1.40
listening on vmx3f1, link-type EN10MB (Ethernet), capture size 96 bytes
10:33:53.978486 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 5641, length 40
10:33:53.978527 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 5641, length 40=> Work fine
On the Router (interfcae seth4 is 192.168.1.2):
tcpdump -ni seth4 icmp and host 172.16.1.40
listening on seth4, link-type EN10MB (Ethernet), capture size 96 bytes
22:03:37.123283 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 12553, length 40
22:03:42.885379 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 12809, length 40=> Only request, no reply
On the Internet GW (bge0 is 192.168.1.1):
tcpdump -ni bge0 icmp and host 172.16.1.40
listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes
08:41:44.023409 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 21257, length 40
08:41:49.505862 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 21513, length 40=> Reply appear here… Not normal because pfsense must route packet to 192.168.1.2 for destination IP 172.16.0.0/16 based on routing table
Now, i check the box "Disable all packet filtering" in System / Advanced / Firewall/NAT
All work fine!
ing from 172.16.1.40 to 192.168.1.1 => OK
Ping from 172.16.1.40 to 192.168.1.2 => OK
Ping from 172.16.1.40 to 192.168.1.3 => OKPing from pfsense 192.168.1.3 to 192.168.1.1 => OK
Ping from pfsense 192.168.1.3 to 192.168.1.2 => OK
Ping from pfsense 192.168.1.3 to 172.16.1.40 => OKSo, there is a routing issue, I think based on PBR...
Anybody can help us?