
Author Topic: Peculiar routing behavior  (Read 91 times)


Offline beefer

Peculiar routing behavior
« on: February 05, 2018, 03:20:00 am »
Hi!

I've got a pfsense box with one WAN interface and a client VPN interface to a single vlan. I assigned both these gateways a monitor IP. First I used 8.8.8.8 for vpn gateway and 8.8.4.4. To my surprise you cannot ping 8.8.8.8 (vpn gw monitor ip) from within home-vlan. When I changed the monitor IP to a different one (quad9) - same behavior. I can though ping the monitor IP of the same gateway for the vlan I am using, so it got me thinking to test how routing works. Traceroute hangs on my local gw (pfsense router ip), so I looked up the pfsense routing table and discovered that those two monitoring IPs get static routes that go only through the gateway they are assigned to. After a bit it seems reasonable, since we want to be sure the traffic for those addresses is routed only through the gateway we are trying to monitor. Is it a normal behavior (just making sure) or should I start digging in my config for misconfiguration? :)

Offline Derelict

Re: Peculiar routing behavior
« Reply #1 on: February 05, 2018, 03:30:52 am »
You get static host routes for:

Gateway monitor IP addresses
IPsec peers in certain cases
System > General DNS servers with a gateway set

That's all I can think of...might be more

Offline beefer

Re: Peculiar routing behavior
« Reply #2 on: February 05, 2018, 03:41:13 am »
Thanks!
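
An added example, not written by anyone in this thread: a Python sketch that pulls the static host routes mentioned in Reply #1 out of `netstat -rn -f inet` output and reports which gateway a given address is pinned to. The sample routing table, the interface names (`igb0`, `ovpnc1`, `igb1.10`) and the gateway addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of FreeBSD `netstat -rn -f inet` output (not from the thread).
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
8.8.4.4            203.0.113.1        UGHS       igb0
8.8.8.8            10.8.0.1           UGHS     ovpnc1
10.8.0.0/24        10.8.0.1           UGS      ovpnc1
127.0.0.1          link#4             UH          lo0
192.168.10.0/24    link#7             U       igb1.10
192.168.10.1       link#7             UHS         lo0
"""


def static_host_routes(netstat_text):
    """Return routes that are static (S), host-specific (H) and via a gateway (G)."""
    routes = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank lines and section titles
        dest, gateway, flags, netif = fields[:4]
        try:
            ipaddress.ip_address(dest)  # rejects headers, "default" and CIDR networks
        except ValueError:
            continue
        if {"G", "H", "S"} <= set(flags):
            routes.append({"dest": dest, "gateway": gateway, "netif": netif})
    return routes


def pinned(routes, watched):
    """Map each watched address that has a host route to its (gateway, interface)."""
    by_dest = {r["dest"]: r for r in routes}
    return {ip: (by_dest[ip]["gateway"], by_dest[ip]["netif"])
            for ip in watched if ip in by_dest}


if __name__ == "__main__":
    found = static_host_routes(SAMPLE)
    # Addresses an admin might also hand to clients as resolvers (assumed list).
    for ip, (gw, nic) in pinned(found, ["8.8.8.8", "8.8.4.4", "9.9.9.9"]).items():
        print(f"{ip} is pinned to gateway {gw} on {nic}")
```

Feeding it the real routing table from the firewall shows at a glance whether an address that clients depend on, such as a public resolver, is also in use as a monitor IP and therefore tied to a single gateway.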