Traceroute is hiding IPs



  • Version: 2.1.3

    pfsenseA is connected to the internet
    pfsenseB is connected to pfsenseA to get to the internet.
    They both have additional LANs.

    I have two pfsense boxes. They are connected with one Ethernet cable and have OSPF configured to share the networks.
    I can ping all addresses on the network.
    PROBLEM 1: I'm able to traceroute to any interface on pfsenseA or pfsenseB.

    PROBLEM 1: When tracerouting to the internet the internal addresses are never shown.
    Example of traceroute on PFSenseB:
    traceroute 8.8.8.8
    1  10.2.2.1 (10.2.2.1)  0.250 ms  0.156 ms  0.109 ms
    2  10.125.75.129 (10.125.75.129)  7.957 ms  7.245 ms  8.733 ms

    1 is the address of pfsenseA's interface that is connected to pfsenseB. This is correct.
    2 This is an address that is not in any of my subnets and cannot be one on the internet according to RFC 1918.
    It seems that my pfsense is hiding part of the route by replacing it with 10.125.75.129.



  • If you use policy routing (manually specifying the gateway on a firewall rule) then your pfSense box will not show in a traceroute.

    That 10.125.x.x IP is the first hop off your network.



  • @Jason:

    If you use policy routing (manually specifying the gateway on a firewall rule) then your pfSense box will not show in a traceroute.

    That 10.125.x.x IP is the first hop off your network.

    I'm not changing the default GW on any of my rules. This even happens when I try to traceroute from one PC connected to interface A to interface B. A and B are on the same pfsense machine.

