I am struggling with a problem when I am tracing the path from LAN to ISP1 USER IP network where my first hop gives me * * * like this:
Code:
root@unifi:~# traceroute -In 5.5.2.45
traceroute to 5.5.2.45 (5.5.2.45), 30 hops max, 60 byte packets
1 * * *
2 5.5.2.45 0.443 ms * *
Code:
add comment="" distance=1 dst-address=192.168.1.0/24 gateway=bridge-LAN pref-src=192.168.1.254 routing-mark=to_WAN-MM
Code:
add action=mark-routing chain=output comment="mark routing to WAN-MM" connection-mark=WAN-MM_in new-routing-mark=to_WAN-MM passthrough=no
Code:
root@unifi:~# traceroute -In 5.5.2.45
traceroute to 5.5.2.45 (5.5.2.45), 30 hops max, 60 byte packets
1 192.168.1.254 0.225 ms 0.220 ms 0.219 ms
2 5.5.2.45 0.443 ms * *
Code:
# TIME INTERFACE SRC-ADDRESS DST-ADDRESS IP-PROTOCOL SIZE CPU FP
5 3.96 sfp-plus-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
6 3.96 bridge-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
7 3.96 ether6-WAN-MM-ISP 192.168.1.254 192.168.1.202 icmp 102 2 no
8 3.96 sfp-plus-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
9 3.96 bridge-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
10 3.96 ether6-WAN-MM-ISP 192.168.1.254 192.168.1.202 icmp 102 2 no
11 3.96 sfp-plus-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
12 3.96 bridge-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
13 3.96 ether6-WAN-MM-ISP 192.168.1.254 192.168.1.202 icmp 102 2 no
14 3.96 sfp-plus-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
15 3.96 bridge-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
16 3.96 bridge-WAN-OR 192.168.1.202 5.5.2.45 icmp 74 2 no
17 3.96 sfp-plus-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
18 3.96 bridge-LAN 192.168.1.202 5.5.2.45 icmp 74 2 no
19 3.96 bridge-WAN-OR 192.168.1.202 5.5.2.45 icmp 74 2 no
So few packets come back from the WAN-MM-ISP interface when the first ping with TTL=1 is sent. But why does the router respond from this interface if traffic is sent to the other one? I won't find peace if I don't resolve this riddle... Everything works, but I cannot understand this strange behaviour.
Some remarks:
1) I don't want to do connection-tracking on my user public IP scope, as there will be another router; just simple routing saving my CPU cycles
2) VLAN 30 is just prepared - so far the OFFICE traffic is sent untagged on bridge-LAN
3) all pings from inside and outside work fine to ROS interfaces and forwarded ones except this one traceroute
The configuration and a small diagram are attached to this post. Please let me know your findings.
Thanks in advance.