We just upgraded a box from the 2.0.3 release to the 2.1 release, and not sure if it is related or coincidence, but started having a bizarre routing issue post-upgrade when using gateway groups.

Scenario:

Dual WAN (em0 em1 drivers)
Quad LAN (igb0 and igb3 in use)
igb3 has multiple VLAN'd interfaces (5 - all private address space)
Gateway Group was set up to route out em0 (tier 1) unless there was packet loss or high latency, then fall to em1 (tier 2)
The Gateway Group was defined on each internal interface in the firewall rule.

When the Gateway Group was defined (rather than the *Default), if you traceroute from an internal interface machine to another interface subnet, it routed out the WAN interface directly to the public routers!

traceroute 192.168.20.5
> Tracing rout to 192.168.20.5 over a maximum of 30 hops
> 1 76 ms 86 ms 95 ms ***.a16-0210-0015.uninet-ide.com.mx
> [***.235.80.17]
> 2 63 ms 71 ms 84 ms ***ge5-0-0_12.uninet-ide.com.mx
> [***.130.189.82] ^C

So this is internal private address space, being routed to the public WAN rather than the internal LAN (for our purposes this was the 192.168.20.0/24 subnet).

So internally you'd traceroute 192.168.20.5, for example, and immediately receive a reply back from the public routers. Our default gw on the internal LAN was also NOT on the list of hops as one would expect.

Routing from pfSense directly works great from the LAN, but not the WAN (same routes as above).

If I turn the Gateway Group OFF and set it back to default, all routing resumes as normal: traceroute to 192.168.20.5, we get the first hop as our gw, second hop as the destination on the other interface.

Now granted, the ISP should not be routing private address space - but shouldn't pfSense override that route since it is an internal interface? Am I missing something basic here?

At this point all is functioning - but we no longer have redundant WANs - and my confusion hasn't dwindled. Already calling the ISP for resolves on the private IP routing on their routers - but would love to correct internally as well.
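
A check for the symptom described in the message above, as an added example that is not part of the original post: it parses traceroute output toward an RFC 1918 destination and reports every hop that lies outside private address space. The sample outputs, hostnames and hop addresses are constructed (documentation ranges), and the function names are this example's own.

```python
import ipaddress
import re

# RFC 1918 private ranges, listed explicitly (ipaddress.is_private also
# covers documentation ranges, which would hide the constructed samples).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed tracert-style samples; hostnames and hop addresses are made up.
LEAKING = """\
Tracing route to 192.168.20.5 over a maximum of 30 hops
  1    76 ms    86 ms    95 ms  edge.isp.example [203.0.113.17]
  2    63 ms    71 ms    84 ms  core.isp.example [198.51.100.82]
  3     *        *        *     Request timed out.
"""
HEALTHY = """\
Tracing route to 192.168.20.5 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.10.1
  2     1 ms     1 ms     1 ms  192.168.20.5
"""

def is_internal(ip):
    return any(ip in net for net in RFC1918)

def parse_hops(text):
    """Return (hop_number, address) for each hop line that shows an address."""
    hops = []
    for line in text.splitlines():
        num = re.match(r"\s*(\d+)\s", line)
        addrs = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", line)
        if not (num and addrs):
            continue  # header line, or a hop that timed out
        try:
            hops.append((int(num.group(1)), ipaddress.ip_address(addrs[-1])))
        except ValueError:
            continue  # digits that are not a valid IPv4 address
    return hops

def leaked_hops(dest, text):
    """Hops outside RFC 1918 space on a path to a private destination."""
    if not is_internal(ipaddress.ip_address(dest)):
        return []  # a public destination is expected to cross the WAN
    return [(n, str(ip)) for n, ip in parse_hops(text) if not is_internal(ip)]

if __name__ == "__main__":
    for name, sample in (("leaking", LEAKING), ("healthy", HEALTHY)):
        print(name, leaked_hops("192.168.20.5", sample))
```

Run from a host on each internal interface after a routing or firewall-rule change, a non-empty result means inter-subnet traffic is leaving through the WAN.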
