[RESOLVED] WAN interface - 2nd route OK but pfsense still sending to default GW
-
Hi all
I have set up a pfsense as a Captive Portal (call it "PORTAL").
This machine manages one LAN (Guests) and connects to an external network (WAN) hosting a router (WANGW) and another firewall for the internal networks (called FW). I want to give management access to PORTAL from one of the internal networks, thus through FW.
IP addresses :
WANGW : 10.21.101.11
FW : 10.21.101.254
PORTAL (ext.) : 10.21.101.20
PORTAL (int.) : 10.21.4.254
Guests net : 10.21.4.0/24
internal net : 10.21.2.0/24

In PORTAL: there is a default gateway via WANGW.
I then created another gateway pointing to 10.21.101.254 (= FW) and created a static route 10.21.2.0/24 via FW.
When I try to connect to PORTAL from host 10.21.2.1, I see the packets arriving at PORTAL, but then it sends the answers back to WANGW, not FW!
Here is an example of two packets captured (ICMP ping) :
1 0.000 10.21.2.1 10.21.101.20 ICMP 98 Echo (ping) request id=0x1fb0, seq=1/256, ttl=64 (reply in 2)
Ethernet II, Src: Netasq_0e:e9:65 (00:0d:b4:0e:e9:65), Dst: HewlettP_34:6e:d2 (00:23:7d:34:6e:d2)

2 0.000 10.21.101.20 10.21.2.1 ICMP 98 Echo (ping) reply id=0x1fb0, seq=1/256, ttl=64 (request in 1)
Ethernet II, Src: HewlettP_34:6e:d2 (00:23:7d:34:6e:d2), Dst: Anovo_e9:1b:ab (40:5a:9b:e9:1b:ab)

The reply is sent to WANGW (MAC = Anovo...) instead of going back to FW (MAC = Netasq...): that should not happen since there is a route defined to 10.21.2.0/24 via FW.
Any clue? This is not a rules issue since PORTAL does send a reply.
Some config extracts :
<interfaces>
  <wan>
    <enable></enable>
    <if>bce0</if>
    <alias-address></alias-address>
    <alias-subnet>32</alias-subnet>
    <spoofmac></spoofmac>
    <ipaddr>10.21.101.20</ipaddr>
    <subnet>24</subnet>
    <gateway>WANGW</gateway>
  </wan>
  <lan>
    <enable></enable>
    <if>bce1</if>
    <spoofmac></spoofmac>
    <ipaddr>10.21.4.254</ipaddr>
    <subnet>24</subnet>
    <ipaddrv6>slaac</ipaddrv6>
  </lan>
</interfaces>
<staticroutes>
  <route>
    <network>10.21.2.0/24</network>
    <gateway>FW</gateway>
  </route>
</staticroutes>
[snip]
<gateways>
  <gateway_item>
    <interface>wan</interface>
    <gateway>10.21.101.11</gateway>
    <name>WANGW</name>
    <weight>1</weight>
    <ipprotocol>inet</ipprotocol>
    <interval></interval>
    <avg_delay_samples></avg_delay_samples>
    <avg_loss_samples></avg_loss_samples>
    <avg_loss_delay_samples></avg_loss_delay_samples>
    <monitor_disable></monitor_disable>
    <defaultgw></defaultgw>
  </gateway_item>
  <gateway_item>
    <interface>wan</interface>
    <gateway>10.21.101.254</gateway>
    <name>FW</name>
    <weight>1</weight>
    <ipprotocol>inet</ipprotocol>
    <interval></interval>
    <avg_delay_samples></avg_delay_samples>
    <avg_loss_samples></avg_loss_samples>
    <avg_loss_delay_samples></avg_loss_delay_samples>
    <descr></descr>
    <monitor_disable></monitor_disable>
  </gateway_item>
</gateways>

I finally created two specific VLANs on the internal interface: one for the guests and one as an interconnect to the internal networks (on a dedicated FW interface), and it works.
(I arranged the VLANs on the switching hardware too.)
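The check the poster did by eye (comparing the destination MAC of the reply with what the routing table says the next hop should be) can be scripted, which is useful when the capture is longer than two frames. The following is an added example, not code from the thread or from pfSense: it parses the two-line capture format shown above, does a longest-prefix match over the routes described in the post, and flags every locally-sourced frame whose destination MAC is not the MAC of the expected next hop. The routing table, the two next-hop IPs and the MAC-to-gateway mapping (Netasq = FW, Anovo = WANGW) are taken from the post; the sample capture is a copy of the two frames above, and the assumption that connected routes cannot be verified without an ARP table is mine.

```python
import ipaddress
import re

# Constructed sample: the two frames from the post, each as a one-line
# summary followed by its "Ethernet II" line.
CAPTURE = """\
1 0.000 10.21.2.1 10.21.101.20 ICMP 98 Echo (ping) request id=0x1fb0, seq=1/256, ttl=64 (reply in 2)
Ethernet II, Src: Netasq_0e:e9:65 (00:0d:b4:0e:e9:65), Dst: HewlettP_34:6e:d2 (00:23:7d:34:6e:d2)
2 0.000 10.21.101.20 10.21.2.1 ICMP 98 Echo (ping) reply id=0x1fb0, seq=1/256, ttl=64 (request in 1)
Ethernet II, Src: HewlettP_34:6e:d2 (00:23:7d:34:6e:d2), Dst: Anovo_e9:1b:ab (40:5a:9b:e9:1b:ab)
"""

# Routing table as described in the post. Connected routes (gateway None)
# are assumed from the interface addresses; the other two are the
# poster's default gateway and static route.
ROUTES = [
    ("0.0.0.0/0", "10.21.101.11"),      # default via WANGW
    ("10.21.2.0/24", "10.21.101.254"),  # static route via FW
    ("10.21.101.0/24", None),           # connected (WAN, bce0)
    ("10.21.4.0/24", None),             # connected (LAN, bce1)
]

# Next-hop IP -> MAC, from the post's own identification of the vendors
# (Netasq OUI = FW, Anovo OUI = WANGW).
NEIGHBOURS = {
    "10.21.101.254": "00:0d:b4:0e:e9:65",
    "10.21.101.11": "40:5a:9b:e9:1b:ab",
}

SUMMARY_RE = re.compile(r"^(\d+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+")
ETH_RE = re.compile(r"Src: \S+ \(([0-9a-f:]{17})\), Dst: \S+ \(([0-9a-f:]{17})\)")


def parse_capture(text):
    """Pair each summary line with the Ethernet II line that follows it."""
    frames = []
    lines = [l for l in text.splitlines() if l.strip()]
    for summary, eth in zip(lines[0::2], lines[1::2]):
        m = SUMMARY_RE.match(summary)
        e = ETH_RE.search(eth)
        if not (m and e):
            raise ValueError(f"unparseable frame: {summary!r} / {eth!r}")
        frames.append({
            "no": int(m.group(1)), "src": m.group(2), "dst": m.group(3),
            "proto": m.group(4), "src_mac": e.group(1), "dst_mac": e.group(2),
        })
    return frames


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match. Returns the gateway IP, or None if connected."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def check_egress(frames, local_ip, routes=ROUTES, neighbours=NEIGHBOURS):
    """For frames sent by local_ip, compare the routing-table next hop with
    the MAC the frame was actually addressed to. Connected destinations
    are reported as ok because there is no ARP table to check against."""
    findings = []
    for f in frames:
        if f["src"] != local_ip:
            continue
        gw = next_hop(f["dst"], routes)
        expected_mac = neighbours.get(gw) if gw else None
        ok = expected_mac is None or expected_mac == f["dst_mac"]
        findings.append({"no": f["no"], "dst": f["dst"], "expected_gw": gw,
                         "expected_mac": expected_mac,
                         "actual_mac": f["dst_mac"], "ok": ok})
    return findings


if __name__ == "__main__":
    for r in check_egress(parse_capture(CAPTURE), "10.21.101.20"):
        status = "ok" if r["ok"] else "MISMATCH"
        print(f"frame {r['no']} -> {r['dst']}: table says via {r['expected_gw']} "
              f"({r['expected_mac']}), sent to {r['actual_mac']}: {status}")
```

Run against the capture from the post, frame 2 is reported as a mismatch: the table resolves 10.21.2.1 via 10.21.101.254, but the reply was addressed to the WANGW MAC. A mismatch like this on a pfSense WAN-type interface (one with a gateway configured) is, in my experience and not something the thread confirms, the signature of pf's reply-to behaviour, which returns replies to the interface's gateway without consulting the routing table; the per-rule "Disable reply-to" option is the thing to test before re-architecting with VLANs as the poster eventually did.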