W7 routing - traffic not going to default gateway

Posted by Ian Macintosh on Server Fault See other posts from Server Fault or by Ian Macintosh
Published on 2012-08-22T13:10:52Z Indexed on 2013/10/20 21:57 UTC
Read the original article Hit count: 288

Filed under:
|
|

I have a really strange Windows 7 IPv4 routing issue that I can't get to the bottom of.

The summary of the issue is that the default gateway is set to 192.168.254.253, but that it is actually using a default gateway of 192.168.254.254.

Here's a network diagram:

                     .-,(  ),-.    
                  .-(          )-. 
           .-----(    internet    )----.--------------------------.
           |      '-(          ).-'    |                          |
           |          '-.( ).-'        |                          |
           v                           v                          v
    .------------.                 .------.                   .------.
    | 10mb Fibre |                 | ADSL |                   | ADSL |
    '------------'                 '------'                   '------'
           |                           |                          |
           |                           |                          |
           v                           v                          v
.---------------------.     .--------------------.     .--------------------.
|     Juniper Box     |     | Draytek DSL Router |     | Draytek DSL Router |
|---------------------|     |--------------------|     |--------------------|
| (public IP address) |     | 172.16.0.x         |     | 172.16.0.x         |
'---------------------'     '--------------------'     '--------------------'
           |                           |                          |
           |                           |      .-------------------'
           |                           v      v
           v              .-------------------------.
  .-----------------.     | Draytek Dual WAN Router |
  |   Untangle GW   |     |-------------------------|
  |-----------------|     | 192.168.254.254         |
  | 192.168.254.253 |     '-------------------------'
  '-----------------'                  |
           |                           |
           |                           |
           v                           v
       ===================================
                       LAN                
       ===================================
         |                    |
         |                    |
         v                    v
.----------------.   .----------------.
| Windows 7 W/S  |   | Windows 7 W/S  |
|----------------|   |----------------|
| 192.168.254.38 |   | 192.168.254.77 |
'----------------'   '----------------'

This is a recently (a few weeks ago) converted fibre site with the original 2 DSL lines still attached and running. An Untangle (firewall) was installed with the fibre line.

Here is the affected PC network configuration:

C:\>ipconfig /allcompartments /all

Windows IP Configuration


==============================================================================
Network Information for Compartment 1 (ACTIVE)
==============================================================================
   Host Name . . . . . . . . . . . . : COMP36
   Primary Dns Suffix  . . . . . . . : XXXXXX.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXXXX.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : XXXXXX.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   Physical Address. . . . . . . . . : C8-9C-DC-33-F1-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . :
   fe80::3925:86a5:7066:ab92%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.38(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 August 2012 10:20:32
   Lease Expires . . . . . . . . . . : 30 August 2012 10:20:31
   Default Gateway . . . . . . . . . : 192.168.254.253
   DHCP Server . . . . . . . . . . . : 192.168.254.200
   DHCPv6 IAID . . . . . . . . . . . : 315137244
   DHCPv6 Client DUID. . . . . . . . :
   00-01-00-01-14-4A-17-8D-10-78-D2-74-2F-8A

   DNS Servers . . . . . . . . . . . : 192.168.254.200
   Primary WINS Server . . . . . . . : 192.168.254.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.XXXXXX.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : XXXXXX.local 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No 
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No 
   Autoconfiguration Enabled . . . . : Yes

The routing table:

C:\>route print
===========================================================================
Interface List
 15...c8 9c dc 33 f1 65 ......Realtek PCIe GBE Family Controller #2
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.253   192.168.254.38     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link    192.168.254.38    266
   192.168.254.38  255.255.255.255         On-link    192.168.254.38    266
  192.168.254.255  255.255.255.255         On-link    192.168.254.38    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.254.38    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.254.38    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15    266 fe80::/64                On-link
 15    266 fe80::3925:86a5:7066:ab92/128   
                                    On-link
  1    306 ff00 ::/8                On-link
 15    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

And the strange routing as demonstrated by tracert:

C:\>tracert -d www.bbc.co.uk

Tracing route to www.bbc.net.uk [212.58.246.95]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  192.168.254.254
  2     1 ms     1 ms     1 ms  172.16.0.254   
  3    17 ms    18 ms    16 ms  XXXXXXXXXXXXXXX
  4    18 ms    19 ms    19 ms  XXXXXXXXXXXXXXX
  5    22 ms    22 ms    22 ms  XXXXXXXXXXXXXXX
  6    22 ms    21 ms    22 ms  XXXXXXXXXXXXXXX
  7    21 ms    21 ms    22 ms  217.41.169.109 
  8    30 ms    32 ms    57 ms  109.159.251.227
  9    46 ms    39 ms    35 ms  109.159.251.137
 10    27 ms    66 ms    30 ms  109.159.254.116
^C

However, when done from another Windows 7 workstation:

C:\Users\administrator>ipconfig /allcompartments /all

Windows IP Configuration


==============================================================================
Network Information for Compartment 1 (ACTIVE)  
==============================================================================
   Host Name . . . . . . . . . . . . : PABX-BACKUP
   Primary Dns Suffix  . . . . . . . : XXXXXX.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXXXX.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : XXXXXX.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-89-A5-94-43-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . :
   fe80::9479:1c11:6f9f:ae0b%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.77(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0  
   Lease Obtained. . . . . . . . . . : 15 August 2012 08:27:18
   Lease Expires . . . . . . . . . . : 27 August 2012 08:27:31
   Default Gateway . . . . . . . . . : 192.168.254.253
   DHCP Server . . . . . . . . . . . : 192.168.254.200
   DHCPv6 IAID . . . . . . . . . . . : 244091301
   DHCPv6 Client DUID. . . . . . . . :
   00-01-00-01-16-C2-79-BE-8C-89-A5-94-43-84  

   DNS Servers . . . . . . . . . . . : 192.168.254.200
   Primary WINS Server . . . . . . . : 192.168.254.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.XXXXXX.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : XXXXXX.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\administrator>

And finally, doing a tracert from the 2nd workstation yields expected results:

C:\Users\administrator>tracert -d www.bbc.co.uk

Tracing route to www.bbc.net.uk [212.58.244.67]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.254.253
  2     1 ms     1 ms     1 ms  141.0.xxx.xxx
  3     2 ms     2 ms     2 ms  141.0.xxx.xxx
  4     7 ms     2 ms     2 ms  109.204.xxx.xxx
  5     2 ms     2 ms     2 ms  95.177.0.7
  6     3 ms     2 ms     2 ms  95.177.0.9
  7    30 ms     2 ms     2 ms  95.177.0.2
  8     2 ms     2 ms     2 ms  195.66.224.103
  9  ^C

As expected, it is routing via .253, and the 2nd hop is the inside interface of the Juniper NTU.

I've not inspected the traffic yet. In particular, I was going to look for ICMP redirects, though why there would be an ICMP redirect at all is not really sensible?

.254 used to be the default gateway before the fibre was installed.

Any ideas? Doesn't make sense to me why there should be this routing issue :(

The Draytek Dual WAN Router was rebooted, the PC was rebooted. The PC had the network disabled and then re-enabled. All the standard stuff when Windows looses the plot.

Hopefully somebody recognises the symptoms!

PS: Sorry for the long post, but I didn't want to leave something potentially relevant out.

PPS: No iSCSI involved on/at this or any other workstation so Windows 7 routing traffic through the gateway for local addresses isn't the issue.

© Server Fault or respective owner

Related posts about windows-7

Related posts about routing