Missing pfSense hop in my LAN?



  • This is my pfSense machine (2 WANs, 1 LAN):

    *** Welcome to pfSense 2.3-BETA-pfSense (amd64) on pfSense-ThreepWood ***
    
     WAN (wan)       -> hme3       -> v4/DHCP4: 192.168.10.4/24
     LAN (lan)       -> hme0       -> v4: 192.168.8.1/24
     WAN2 (opt1)     -> hme2       -> v4/DHCP4: 192.168.1.35/24
    

    On LAN there is only a Buffalo WHR-HP-GN router:

    IP Address 	192.168.8.100 
    Subnet Mask 	255.255.255.0 
    Default Gateway 	192.168.8.1 (Via DHCP)
    DNS1(Primary)	192.168.8.1 (Via DHCP)
    Host Name 	buffalo (Via DHCP)
    Domain Name 	localdomain (Via DHCP)
    MTU Size 	1500
    DHCP Server Address 	192.168.8.1
    Lease Start Time 	2016/01/10 12:10:36
    Lease Period 	2016/01/11 12:10:36
    Wired Link 	100Base-TX (Full-duplex) 
    MAC Address 	00:24:A5:0E:A8:42 
    

    The internal (LAN again) side of this WHR-HP-GN:

    IP Address 	192.168.11.1
    Subnet Mask 	255.255.255.0
    DHCP Server 	Enabled
    MAC Address 	00:24:A5:0E:A8:42
    

    And this is an Ubuntu machine inside my (final) LAN:

    luis@Chomsky:~$ sudo ifconfig
    eth0      Link encap:Ethernet  direcciónHW 00:23:54:7f:f2:4f
              Direc. inet:192.168.11.113  Difus.:192.168.11.255  Másc:255.255.255.0
              Dirección inet6: fe80::223:54ff:fe7f:f24f/64 Alcance:Enlace
              ACTIVO DIFUSIÓN FUNCIONANDO MULTICAST  MTU:1500  Métrica:1
              Paquetes RX:50109 errores:0 perdidos:0 overruns:0 frame:0
              Paquetes TX:44033 errores:0 perdidos:0 overruns:0 carrier:2
              colisiones:0 long.colaTX:1000
              Bytes RX:10956381 (10.9 MB)  TX bytes:3859693 (3.8 MB)
    

    So, the path to, say, IP 8.8.8.8 should be:

    192.168.11.113		-->	Ubuntu computer
    192.168.11.1		-->	Buffalo WHR-HP-GN
    192.168.8.1		-->	pfSense machine
    192.168.10(or 1).1	-->	DSL Router
    Outside world (operator)
    

    But the results are:

    luis@Chomsky:~$ sudo traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  Router- (192.168.11.1)  0.459 ms  0.390 ms  0.532 ms
     2  192.168.10.1 (192.168.10.1)  2.505 ms 192.168.1.1 (192.168.1.1)  2.544 ms 192.168.10.1 (192.168.10.1)  2.481 ms
     3  85.Red-80-58-67.staticIP.rima-tde.net (80.58.67.85)  47.383 ms 86.Red-80-58-67.staticIP.rima-tde.net (80.58.67.86)  48.388 ms 85.Red-80-58-67.staticIP.rima-tde.net (80.58.67.85)  48.159 ms
     4  * * *
    

    … or (for the other gateway).

    luis@Chomsky:~$ sudo traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  Router- (192.168.11.1)  0.339 ms  0.348 ms  0.501 ms
     2  192.168.1.1 (192.168.1.1)  2.104 ms 192.168.10.1 (192.168.10.1)  1.907 ms 192.168.1.1 (192.168.1.1)  2.465 ms
     3  86.Red-80-58-67.staticIP.rima-tde.net (80.58.67.86)
     4  * * *
    

    Isn't the hop corresponding to the pfSense machine missing here? That is, 192.168.8.1?



  • Not 100% sure, but I think it's because you have 2 WANs, and you have a gateway group (probably) to load balance your traffic. pfSense becomes transparent in a traceroute at this point.



  • @singerie:

    Not 100% sure, but I think it's because you have 2 WANs, and you have a gateway group (probably) to load balance your traffic. pfSense becomes transparent in a traceroute at this point.

    Yes, route-to just passes things to the specified gateway and doesn't decrement the TTL, hence it doesn't show up in traceroute when traffic matches a rule specifying a gateway.
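
A small simulation of the behaviour described in the last reply, added here as an example and not part of the original thread. The `Hop` model and the `probe`, `traceroute` and `hidden_hops` functions are hypothetical names; the path uses the addresses from the question, and the model assumes a forwarder either decrements TTL by one or passes the packet on untouched.

```python
from dataclasses import dataclass


@dataclass
class Hop:
    addr: str
    decrements_ttl: bool = True  # False models a forwarder that skips the TTL decrement


def probe(path, ttl):
    """Send one probe with the given initial TTL. Return the address that
    would answer with ICMP Time Exceeded, or None if the probe gets through."""
    for hop in path:
        if not hop.decrements_ttl:
            continue             # handed to the next gateway with TTL unchanged
        ttl -= 1
        if ttl == 0:
            return hop.addr      # this hop drops the probe and reports itself
    return None


def traceroute(path, max_hops=30):
    """Probe with TTL 1, 2, 3, ... and collect the responders in order."""
    seen = []
    for ttl in range(1, max_hops + 1):
        addr = probe(path, ttl)
        if addr is None:
            break
        seen.append(addr)
    return seen


def hidden_hops(path):
    """Addresses that forward traffic but never appear in the trace."""
    seen = set(traceroute(path))
    return [hop.addr for hop in path if hop.addr not in seen]


def build_path(pfsense_decrements):
    # Constructed path from the question: Buffalo, pfSense LAN, DSL router, ISP hop.
    return [
        Hop("192.168.11.1"),
        Hop("192.168.8.1", decrements_ttl=pfsense_decrements),
        Hop("192.168.10.1"),
        Hop("80.58.67.85"),
    ]


if __name__ == "__main__":
    print("plain forwarding :", traceroute(build_path(True)))
    print("policy-routed    :", traceroute(build_path(False)))
    print("hidden           :", hidden_hops(build_path(False)))
```

With the pfSense hop not decrementing TTL, the DSL router moves up to hop 2, which matches the traceroute output in the question.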

