Netgate SG-1000 microFirewall

Author Topic: WAN default gateway down, Internet access works  (Read 819 times)

0 Members and 1 Guest are viewing this topic.

Offline -flo-

  • Sr. Member
  • ****
  • Posts: 374
  • Karma: +29/-0
    • View Profile
WAN default gateway down, Internet access works
« on: February 27, 2014, 01:26:00 am »
I have a WAN interface with PPPoE configured. The interface is up, has a public IP address. I can access the Internet. So far so good.

A traceroute to 8.8.8.8:

Code: [Select]
FlosMacBook:~ fu$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  192.168.2.1 (192.168.2.1)  2.273 ms  1.831 ms  1.549 ms
 2  217.0.119.7 (217.0.119.7)  20.584 ms  19.933 ms  22.188 ms
 3  [...]

This shows the default gateway as first hop.

However pfSense shows the default gateway (WAN_PPPOE) as offline with 100% loss. The gateway has the public IP address (217.0.119.7) which has been assigned by the ISP as default gateway (according to PPP log).

If I ping the gateway address form behind pfSense I get:

Code: [Select]
FlosMacBook:~ fu$ ping 217.0.119.7
PING 217.0.119.7 (217.0.119.7): 56 data bytes
60 bytes from 217.0.119.7: Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 d0c2   0 0000  3e  01 98c9 192.168.2.109  217.0.119.7

Request timeout for icmp_seq 0

Ping from the pfSense box:

Code: [Select]
PING 217.0.119.7 (217.0.119.7) from 217.*.*.*: 56 data bytes
60 bytes from 217.0.119.7: Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 ab38   0 0000  3f  01 2102 217.*.*.*  217.0.119.7

It appears that my ISP blocks the ping to the default gateway. Is that interpretation correct?

Is there any problem with this?

Is there anything I should about this?

If I read that right I could just switch off the monitoring of the gateway.

-flo-


Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: WAN default gateway down, Internet access works
« Reply #1 on: February 27, 2014, 02:37:27 am »
Yes, the ISP is not allowing ping to its gateway. If you have only 1 WAN and do not care about recording ping time/packet loss stats for it and don't care about seeing that in real-time on the dashboard either, then simply disable gateway monitoring.
Or specify and alternate monitor IP, like 8.8.8.8 (Google) and you will then get stats and some idea of how your connection is going.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline -flo-

  • Sr. Member
  • ****
  • Posts: 374
  • Karma: +29/-0
    • View Profile
Re: WAN default gateway down, Internet access works
« Reply #2 on: February 27, 2014, 04:20:59 am »
Thank you for the clarification! I chose to do this:

Or specify and alternate monitor IP, like 8.8.8.8 (Google)

That works fine.

-flo-