Redirect Host?

Pfsenseuser24 · Mar 24, 2016, 1:34 PM

I have 2 LAN networks, 10.0.0.X and 10.10.10.X. I use 10.10.10.X for pfsense and the mgmt network and 10.0.0.X for all my VMs. I noticed when I am on the 10.10.10.X network I get a lot of network issues (e.g. reconnects). For example, if I RDP from the 10.10.10.X network to something on the 10.0.0.X network the RDP session will drop ever 30-45 seconds. When I ping from the 10.10.10.X to the 10.0.0.X network you can see the response I get back is a "redirect host" which is what might be causing all these disconnects.

What is going on here?

ping 10.0.0.50
PING 10.0.0.50 (10.0.0.50): 56 data bytes
36 bytes from 10.10.10.1: Redirect Host(New addr: 10.10.10.2)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 b431 0 0000 40 01 a836 10.10.10.6 10.0.0.50

64 bytes from 10.0.0.50: icmp_seq=0 ttl=63 time=7.085 ms
36 bytes from 10.10.10.1: Redirect Host(New addr: 10.10.10.2)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 d3fc 0 0000 40 01 886b 10.10.10.6 10.0.0.50

64 bytes from 10.0.0.50: icmp_seq=1 ttl=63 time=5.548 ms
36 bytes from 10.10.10.1: Redirect Host(New addr: 10.10.10.2)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 b438 0 0000 40 01 a82f 10.10.10.6 10.0.0.50

64 bytes from 10.0.0.50: icmp_seq=2 ttl=63 time=4.374 ms
^C
–- 10.0.0.50 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 4.374/5.669/7.085/1.110 ms

pf123user · Mar 24, 2016, 1:39 PM

What are you trying to do? Do you have a hardware router/firewall and then pfSense virtualized as second router/firewall?

Pfsenseuser24 · Mar 24, 2016, 2:15 PM

No, pfsense is on hardware. It looks like

pfsense (10.10.10.1) -> cisco switch -> VM (10.0.0.X)

I am connected to the cisco switch with an IP address of 10.10.10.6.

I assume it is the the redirects in my first post which is cause all the disconnects?

cmb · Apr 1, 2016, 7:41 AM

You have asymmetric routing in that case. Need to go to System>Advanced, Firewall/NAT, check the box to bypass filtering for traffic on the same interface.

JuantonJohn · Apr 2, 2016, 5:07 PM

My experience with packet timeouts means the packet is in a (route) loop.

Look on both your gateways and check to see if both have the same route to the same subnet…. you do not want this. It will send the data back and forth and never to a destination.
Eventually the packet expires....

I also might be wrong. Still check your routes... diagnostics - routes.

Pfsenseuser24 · Apr 5, 2016, 8:45 PM

10.0.0.0 10.10.10.2 UGS 230404981 1500 bge1
10.10.10.0/29 link#2 U 10388774 1500 bge1
pfSense link#2 UHS 0 16384 lo0
localhost link#5 UH 178 16384 lo0

That is how the routing table looks. What does Link# correspond to?