2.1: Default gateway on wrong interface



  • I have upgraded from 2.0.3 to 2.1 and packets were not routing out of the network.

    On some further investigation it appears that although the default GW is set to my WAN interface, when viewing netstat the default route was set to go out of my LAN interface.

    I have manually updated it with:

    route change default 80.175.54.33 -ifp em1
    

    which resolved the problem but if I reboot pfsense or anything it is reverting back to the LAN interface (em0). Is this a bug in 2.1?


  • Netgate Administrator

    I haven't seen that exact problem before. Do you have a gateway defined on LAN? Is there actually a gateway on the LAN side?

    Steve



  • Why not use the WebConfigurator to change the default GW to Wan?  Should be sticky then.


  • Netgate Administrator

    It already appears to have been set to WAN, that's the worrying part.

    Steve


  • Rebel Alliance Developer Netgate

    Check your config.xml, I'll wager you have a duplicate gateway entry (two or more with the same name) and one of them is set to default yet not showing in the GUI.



  • Thanks for the replies guys :)

    There is no gateway configured on the LAN, and as mentioned the defaultGW is already configured to the WAN interface - that is the worrying part :)

    Just checked the config.xml, there only appears to be one gateway set:

            <gateways>
                    <gateway_item>
                            <interface>wan</interface>
                            <gateway>80.175.54.33</gateway>
                            <name>WANGW</name>
                            <weight>1</weight>
                            <ipprotocol>inet</ipprotocol>
                            <interval/>
                            <descr/>
                            <defaultgw/>
                    </gateway_item>
            </gateways>
    

    Guessing that is the right section?

    Just to add as I am in the file, this is the WAN interface config:

                    <wan>
                            <enable/>
                            <if>em1</if>
                            <blockpriv/>
                            <blockbogons/>
                            <spoofmac/>
                            <ipaddr>80.175.54.34</ipaddr>
                            <subnet>28</subnet>
                            <gateway>WANGW</gateway>
                    </wan>
    

    My routes from netstat:

    0.0.0.0&0x50af3422 80.175.54.33       UGS         0        0    em0 =>
    default            80.175.54.33       UGS         0  3689744    em1
    80.175.54.32/28    link#2             U           0    73082    em1
    80.175.54.34       link#2             UHS         0        0    lo0
    80.175.54.35       link#2             UHS         0        0    lo0
    80.175.54.36       link#2             UHS         0        0    lo0
    80.175.54.37       link#2             UHS         0        0    lo0
    80.175.54.38       link#2             UHS         0        0    lo0
    80.175.54.39       link#1             UHS         0        0    lo0
    80.175.54.40       link#2             UHS         0        0    lo0
    80.175.54.41       link#2             UHS         0        0    lo0
    80.175.54.42       link#2             UHS         0        0    lo0
    80.175.54.43       link#2             UHS         0        0    lo0
    80.175.54.44       link#2             UHS         0        0    lo0
    80.175.54.45       link#2             UHS         0        0    lo0
    80.175.54.46       link#2             UHS         0        0    lo0
    89.145.202.114     80.175.54.33       UGHS        0    43457    em0
    127.0.0.1          link#7             UH          0     2521    lo0
    176.35.234.97      80.175.54.33       UGHS        0  3305222    em0
    192.168.1.0/24     link#1             U           0  5323347    em0
    192.168.1.1        link#1             UHS         0        0    lo0
    
    

    My routes prior to manually adjusting the default:

    
    default            80.175.54.33       UGS         0  3689744    em0
    80.175.54.32/28    link#2             U           0    73082    em1
    80.175.54.34       link#2             UHS         0        0    lo0
    80.175.54.35       link#2             UHS         0        0    lo0
    80.175.54.36       link#2             UHS         0        0    lo0
    80.175.54.37       link#2             UHS         0        0    lo0
    80.175.54.38       link#2             UHS         0        0    lo0
    80.175.54.39       link#1             UHS         0        0    lo0
    80.175.54.40       link#2             UHS         0        0    lo0
    80.175.54.41       link#2             UHS         0        0    lo0
    80.175.54.42       link#2             UHS         0        0    lo0
    80.175.54.43       link#2             UHS         0        0    lo0
    80.175.54.44       link#2             UHS         0        0    lo0
    80.175.54.45       link#2             UHS         0        0    lo0
    80.175.54.46       link#2             UHS         0        0    lo0
    89.145.202.114     80.175.54.33       UGHS        0    43457    em0
    127.0.0.1          link#7             UH          0     2521    lo0
    176.35.234.97      80.175.54.33       UGHS        0  3305222    em0
    192.168.1.0/24     link#1             U           0  5323347    em0
    192.168.1.1        link#1             UHS         0        0    lo0
    
    

    And finally just for sanity and in case it helps here is an ifconfig:

    em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:50:56:b1:99:ca
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::250:56ff:feb1:99ca%em0 prefixlen 64 scopeid 0x1
            inet 80.175.54.39 netmask 0xfffffff0 broadcast 80.175.54.47
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:50:56:b1:3b:00
            inet 80.175.54.34 netmask 0xfffffff0 broadcast 80.175.54.47
            inet6 fe80::250:56ff:feb1:3b00%em1 prefixlen 64 scopeid 0x2
            inet 80.175.54.35 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.36 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.37 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.38 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.43 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.44 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.45 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.46 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.42 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.40 netmask 0xfffffff0 broadcast 80.175.54.47
            inet 80.175.54.41 netmask 0xfffffff0 broadcast 80.175.54.47
            nd6 options=1<PERFORMNUD>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
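
The checks discussed in this thread (duplicate gateway names, more than one entry flagged defaultgw, and a default route leaving on a device other than the one whose interface references the default gateway), as an added example that is not part of the original posts and not pfSense's own code. The element names follow the config.xml fragments posted above; the function name audit_gateways, the sample addresses and both sample inputs are constructed for illustration, and the rule used to derive the expected device is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: config.xml fragment with a duplicated gateway name.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><enable/><if>em1</if><gateway>WANGW</gateway></wan>
    <lan><enable/><if>em0</if></lan>
  </interfaces>
  <gateways>
    <gateway_item><interface>wan</interface><gateway>203.0.113.1</gateway>
      <name>WANGW</name><defaultgw/></gateway_item>
    <gateway_item><interface>lan</interface><gateway>203.0.113.1</gateway>
      <name>WANGW</name><defaultgw/></gateway_item>
  </gateways>
</pfsense>"""

# Constructed sample: routing table lines in the netstat format posted above.
SAMPLE_ROUTES = """default            203.0.113.1        UGS         0  3689744    em0
203.0.113.0/28     link#2             U           0    73082    em1
192.168.1.0/24     link#1             U           0  5323347    em0"""

def audit_gateways(config_xml, netstat_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(config_xml)
    items = root.findall("./gateways/gateway_item")
    findings = []
    # 1. Gateway names must be unique.
    counts = Counter(i.findtext("name") for i in items)
    findings += [f"duplicate gateway name: {n}" for n, c in counts.items() if c > 1]
    # 2. Only one entry should carry the <defaultgw> flag (empty element counts).
    defaults = [i for i in items if i.find("defaultgw") is not None]
    if len(defaults) > 1:
        findings.append(f"{len(defaults)} gateway entries flagged defaultgw")
    # 3. Assumption: the default route should leave on the device of an
    #    interface whose <gateway> element names a default gateway.
    default_names = {i.findtext("name") for i in defaults}
    expected = sorted(n.findtext("if") for n in root.findall("./interfaces/*")
                      if n.findtext("gateway") in default_names and n.findtext("if"))
    for line in netstat_text.splitlines():
        cols = line.split()  # Destination Gateway Flags Refs Use Netif
        if len(cols) >= 6 and cols[0] == "default" and cols[5] not in expected:
            findings.append(f"default route via {cols[1]} uses {cols[5]}, expected {expected}")
    return findings

if __name__ == "__main__":
    for finding in audit_gateways(SAMPLE_CONFIG, SAMPLE_ROUTES):
        print(finding)
```
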
    

  • Netgate Administrator

    What is 80.175.54.33 (the WAN gateway?) and how come you seem to have routes to it via two interfaces?
    You seem to have routes to some other addresses that are via the above gateway on em0 even after you've switched the default over. Is that just a hangover from the previous situation?  Hmm.

    Steve



  • 80.175.54.33 is a Cisco router, not part of our kit though. It's the ISP's kit in the data centre.

    Good spot, I never noticed those routes and certainly never added them. I haven't added any static routes onto here. I have cleared them off and am going to try a reboot. Fingers crossed!


  • Netgate Administrator

    Since you only have one gateway this shouldn't make any difference but do you have 'Allow default gateway switching' enabled in System: Advanced: Miscellaneous: ?

    Steve


  • Rebel Alliance Developer Netgate

    Check your DNS settings also (System > General) and make sure you don't have something there tied to the LAN interface

