W7 routing - traffic not going to default gateway
Posted by Ian Macintosh on Server Fault
Published on 2012-08-22T13:10:52Z
I have a really strange Windows 7 IPv4 routing issue that I can't get to the bottom of.
The summary of the issue is that the default gateway is set to 192.168.254.253, but that it is actually using a default gateway of 192.168.254.254.
Here's a network diagram:
                   .-,(   ),-.
                  .-(       )-.
           .-----(  internet   )----.--------------------------.
           |      '-(       ).-'    |                          |
           |       '-.(   ).-'      |                          |
           v                        v                          v
     .------------.              .------.                   .------.
     | 10mb Fibre |              | ADSL |                   | ADSL |
     '------------'              '------'                   '------'
           |                        |                          |
           |                        |                          |
           v                        v                          v
.---------------------.   .--------------------.     .--------------------.
| Juniper Box         |   | Draytek DSL Router |     | Draytek DSL Router |
|---------------------|   |--------------------|     |--------------------|
| (public IP address) |   | 172.16.0.x         |     | 172.16.0.x         |
'---------------------'   '--------------------'     '--------------------'
           |                        |                          |
           |                        |      .-------------------'
           |                        v      v
           v              .-------------------------.
  .-----------------.     | Draytek Dual WAN Router |
  | Untangle GW     |     |-------------------------|
  |-----------------|     | 192.168.254.254         |
  | 192.168.254.253 |     '-------------------------'
  '-----------------'                  |
           |                           |
           |                           |
           v                           v
  ==============================================
                       LAN
  ==============================================
           |                           |
           |                           |
           v                           v
  .----------------.          .----------------.
  | Windows 7 W/S  |          | Windows 7 W/S  |
  |----------------|          |----------------|
  | 192.168.254.38 |          | 192.168.254.77 |
  '----------------'          '----------------'
This is a recently (a few weeks ago) converted fibre site with the original 2 DSL lines still attached and running. An Untangle (firewall) was installed with the fibre line.
Here is the affected PC network configuration:
C:\>ipconfig /allcompartments /all
Windows IP Configuration
==============================================================================
Network Information for Compartment 1 (ACTIVE)
==============================================================================
Host Name . . . . . . . . . . . . : COMP36
Primary Dns Suffix . . . . . . . : XXXXXX.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXXXXX.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : XXXXXX.local
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : C8-9C-DC-33-F1-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3925:86a5:7066:ab92%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.254.38(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22 August 2012 10:20:32
Lease Expires . . . . . . . . . . : 30 August 2012 10:20:31
Default Gateway . . . . . . . . . : 192.168.254.253
DHCP Server . . . . . . . . . . . : 192.168.254.200
DHCPv6 IAID . . . . . . . . . . . : 315137244
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4A-17-8D-10-78-D2-74-2F-8A
DNS Servers . . . . . . . . . . . : 192.168.254.200
Primary WINS Server . . . . . . . : 192.168.254.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.XXXXXX.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : XXXXXX.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
The routing table:
C:\>route print
===========================================================================
Interface List
15...c8 9c dc 33 f1 65 ......Realtek PCIe GBE Family Controller #2
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.253   192.168.254.38     10
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
        127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
  127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
    192.168.254.0    255.255.255.0          On-link   192.168.254.38    266
   192.168.254.38  255.255.255.255          On-link   192.168.254.38    266
  192.168.254.255  255.255.255.255          On-link   192.168.254.38    266
        224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
        224.0.0.0        240.0.0.0          On-link   192.168.254.38    266
  255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
  255.255.255.255  255.255.255.255          On-link   192.168.254.38    266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 266 fe80::/64 On-link
15 266 fe80::3925:86a5:7066:ab92/128 On-link
1 306 ff00::/8 On-link
15 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
And the strange routing as demonstrated by tracert:
C:\>tracert -d www.bbc.co.uk
Tracing route to www.bbc.net.uk [212.58.246.95]
over a maximum of 30 hops:
1 1 ms 1 ms <1 ms 192.168.254.254
2 1 ms 1 ms 1 ms 172.16.0.254
3 17 ms 18 ms 16 ms XXXXXXXXXXXXXXX
4 18 ms 19 ms 19 ms XXXXXXXXXXXXXXX
5 22 ms 22 ms 22 ms XXXXXXXXXXXXXXX
6 22 ms 21 ms 22 ms XXXXXXXXXXXXXXX
7 21 ms 21 ms 22 ms 217.41.169.109
8 30 ms 32 ms 57 ms 109.159.251.227
9 46 ms 39 ms 35 ms 109.159.251.137
10 27 ms 66 ms 30 ms 109.159.254.116
^C
However, when done from another Windows 7 workstation:
C:\Users\administrator>ipconfig /allcompartments /all
Windows IP Configuration
==============================================================================
Network Information for Compartment 1 (ACTIVE)
==============================================================================
Host Name . . . . . . . . . . . . : PABX-BACKUP
Primary Dns Suffix . . . . . . . : XXXXXX.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXXXXX.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : XXXXXX.local
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 8C-89-A5-94-43-84
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9479:1c11:6f9f:ae0b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.254.77(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 15 August 2012 08:27:18
Lease Expires . . . . . . . . . . : 27 August 2012 08:27:31
Default Gateway . . . . . . . . . : 192.168.254.253
DHCP Server . . . . . . . . . . . : 192.168.254.200
DHCPv6 IAID . . . . . . . . . . . : 244091301
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C2-79-BE-8C-89-A5-94-43-84
DNS Servers . . . . . . . . . . . : 192.168.254.200
Primary WINS Server . . . . . . . : 192.168.254.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.XXXXXX.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : XXXXXX.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\administrator>
And finally, doing a tracert from the 2nd workstation yields expected results:
C:\Users\administrator>tracert -d www.bbc.co.uk
Tracing route to www.bbc.net.uk [212.58.244.67]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.254.253
2 1 ms 1 ms 1 ms 141.0.xxx.xxx
3 2 ms 2 ms 2 ms 141.0.xxx.xxx
4 7 ms 2 ms 2 ms 109.204.xxx.xxx
5 2 ms 2 ms 2 ms 95.177.0.7
6 3 ms 2 ms 2 ms 95.177.0.9
7 30 ms 2 ms 2 ms 95.177.0.2
8 2 ms 2 ms 2 ms 195.66.224.103
9 ^C
As expected, it is routing via .253, and the 2nd hop is the inside interface of the Juniper NTU.
I've not inspected the traffic yet. In particular, I was going to look for ICMP redirects, though why there would be an ICMP redirect at all is not really sensible?
.254 used to be the default gateway before the fibre was installed.
Any ideas? Doesn't make sense to me why there should be this routing issue :(
The Draytek Dual WAN Router was rebooted, the PC was rebooted. The PC had the network disabled and then re-enabled. All the standard stuff when Windows loses the plot.
Hopefully somebody recognises the symptoms!
PS: Sorry for the long post, but I didn't want to leave something potentially relevant out.
PPS: No iSCSI involved on/at this or any other workstation so Windows 7 routing traffic through the gateway for local addresses isn't the issue.
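The comparison the post makes by eye (default route in `route print` against hop 1 of `tracert -d`) can be automated across workstations. The following is an added example, not part of the original post; the function names and result labels are assumptions, and the sample input is constructed from excerpts of the output quoted above.

```python
import ipaddress
import re

# Constructed sample input: excerpts of the command output quoted in the post.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
0.0.0.0          0.0.0.0          192.168.254.253  192.168.254.38  10
127.0.0.0        255.0.0.0        On-link          127.0.0.1       306
192.168.254.0    255.255.255.0    On-link          192.168.254.38  266
"""
TRACERT_PC1 = "  1     1 ms     1 ms    <1 ms  192.168.254.254\n"
TRACERT_PC2 = "  1    <1 ms    <1 ms    <1 ms  192.168.254.253\n"

HOP1 = re.compile(r"\s*1\s+(?:(?:<?\d+ ms|\*)\s+){3}(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_routes(route_print):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in route_print.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or IPv6 row
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def first_hop(tracert):
    """Address that answered hop 1 of `tracert -d`, or None if it timed out."""
    for line in tracert.splitlines():
        m = HOP1.match(line)
        if m:
            return m[1]
    return None

def check_first_hop(route_print, tracert):
    """Compare the configured default gateway with the observed first hop."""
    routes = parse_routes(route_print)
    defaults = [r for r in routes if r[0].prefixlen == 0 and r[1] != "On-link"]
    hop = first_hop(tracert)
    if not defaults or hop is None:
        return "unknown"
    _, gateway, iface, _ = min(defaults, key=lambda r: r[3])
    if hop == gateway:
        return "ok"
    # Hop 1 differs: is the responder on a subnet attached to that interface?
    local = any(gw == "On-link" and ifc == iface
                and ipaddress.ip_address(hop) in net for net, gw, ifc, _ in routes)
    return "mismatch-on-link" if local else "mismatch-off-link"
```

A `mismatch-on-link` result only says that a different device on the local subnet answered as hop 1; it does not say why, so it is a trigger for the packet capture the post mentions (ICMP redirects are ICMP type 5).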