Netgate Discussion Forum

    Incoming traffic going out the wrong interface

    • lymond01

      Odd problem:
      WAN
      LAN (gateway)
      MGMT (same subnet as LAN)

      Outgoing traffic (upload) from clients goes out the LAN and the WAN as expected.
      Incoming traffic (download) comes in the WAN and enters the network through the MGMT interface.

      In the original list of System: Routing: Gateways we had three…

      GW_WAN which had the IP of the next hop after the firewall
      GW_WAN_2 which has the IP of the LAN interface
      GW_MGMT which also had the gateway of the LAN interface

      I've disabled GW_MGMT but the command: route -v show [host from LAN] still shows traffic going out GW_MGMT

      I'm tempted to: route flush but I don't want to interrupt network traffic.  I feel like there's definitely a route wrong, I'm just uncertain where to look and whether it can be changed in the GUI or if I need to edit through the console.

      Thanks for your time.

      • heper

        You generally don't want gateways for ANY LAN network. Generally you only have gateways for remote/unknown networks such as your internet connection.

        • lymond01

          The Diagnostics - Routing does show that traffic for one of the three VLANs we're routing is indeed traveling through the wrong interface.  But only that one VLAN:

          192.168.42.0/23 link#3 U 617683890 1500 igb2
          192.168.212.192/26 link#10 U 9233502 1500 igb1_vlan711
          192.168.222.192/26 link#11 U 13135977 1500 igb1_vlan1110

          Where it says igb2 on the first subnet, it should say igb1_vlan710 (the 710, 711, 1110 are the VLAN tags).  This isn't using NAT, I just changed the IPs to private space to protect the innocent.

          Under System – routing -- gateways there are two gateways listed.  The default is correct but the second gateway...

          GW_WAN_2 WAN 192.168.43.254 192.168.43.254

          which you'll notice is the highest IP of the first VLAN range.

          So color me confused.  I'm pretty sure I can just add a static route, but I'm not sure why pfSense is acting this way.  The third interface configured with an IP in the first VLAN range (igb2) -- 192.168.42.30 -- is the one claiming all inbound traffic on that VLAN range.

          Thanks.

          • lymond01

            Figured it out.  The MGMT interface has the mask wrong: set to /23 (network) instead of /32 (host) so the firewall was routing through it.  Changing to /32 and applying immediately fixed the route.

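The root cause found in the last post, two interfaces claiming the same connected /23, can be checked offline against a list of interface addresses before a change is applied. The following is an added example, not part of the original thread and not pfSense code; the function names are hypothetical and the host addresses on the VLAN interfaces are assumed.

```python
import ipaddress
from itertools import combinations

# Constructed sample based on the addresses quoted in the thread. Only igb2's
# 192.168.42.30 and the three prefixes appear in the posts; the host addresses
# on the VLAN interfaces are assumptions made for this example.
BEFORE = {
    "igb1_vlan710": "192.168.43.254/23",
    "igb1_vlan711": "192.168.212.254/26",
    "igb1_vlan1110": "192.168.222.254/26",
    "igb2": "192.168.42.30/23",  # MGMT with the wrong mask
}
AFTER = dict(BEFORE, igb2="192.168.42.30/32")  # mask corrected to a host address


def connected_networks(interfaces):
    """Map each interface to the connected network its address and mask imply."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}


def find_overlaps(interfaces):
    """Return (if_a, if_b, net_a, net_b) for interfaces whose subnets overlap.

    Host-length prefixes (/32, /128) are skipped: they cover only the
    interface's own address and do not claim the surrounding subnet.
    """
    nets = {n: net for n, net in connected_networks(interfaces).items()
            if net.prefixlen < net.max_prefixlen}
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(nets, 2)
            if nets[a].version == nets[b].version and nets[a].overlaps(nets[b])]


def claimants(interfaces, destination):
    """List interfaces whose connected network contains destination,
    longest prefix first (the order a routing lookup would prefer)."""
    dest = ipaddress.ip_address(destination)
    hits = [(net.prefixlen, name)
            for name, net in connected_networks(interfaces).items()
            if net.version == dest.version and dest in net]
    return [name for _, name in sorted(hits, key=lambda h: -h[0])]


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "overlaps:", find_overlaps(cfg))
        print(label, "192.168.42.100 claimed by:", claimants(cfg, "192.168.42.100"))
```

With the /23 on igb2, both igb1_vlan710 and igb2 claim 192.168.42.0/23 at the same prefix length; with /32, only igb1_vlan710 claims hosts in that range.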
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.