Pinging WAN IP address results in  "TTL expired in transit"

Posted on 2014-09-05
Medium Priority
Last Modified: 2014-09-13
My ISP provides a VDSL internet service and I'm using a modem that is configured to be in "bridge" mode. I recently signed up to have a block of static IP addresses with my ISP. They gave me a /30 block, let's call it xxx.xxx.xxx.240/30. So I have these IP addresses I can work with:


I'm using pfSense 2.0 as my router. I have a WAN interface configured as a PPPoE interface. It gets the xxx.xxx.xxx.240 IP address dynamically. I then configured three "Virtual IPs" in the Firewall section for the other three IP addresses xxx.xxx.xxx.241, xxx.xxx.xxx.242 and xxx.xxx.xxx.243.

So far, everything works. I tested out a few NAT rules, and tested NAT reflection, everything works great!

I wanted to allow pinging the address, so I added a rule to the firewall to allow pinging from the outside world to the WAN IP address (xxx.xxx.xxx.240). Under Firewall->Rules->WAN Tab, I added a rule to allow "ICMP echoreq" from Source: *, to Destination: WAN Address.

Applied this rule, and I can now ping xxx.xxx.xxx.240, no problems!

So, I added another rule to the firewall to allow pinging xxx.xxx.xxx.241. I thought it would work the same as the first IP address.

Unfortunately, this doesn't work. When I ping that address, I get "TTL expired in transit".

So I tried running a tracert from a computer outside of my network. This is the result:

  1    <1 ms    <1 ms    <1 ms
  2     *        *        *     Request timed out.


  6    25 ms    26 ms    23 ms  core1.nyc4.he.net []
  7    32 ms    23 ms    23 ms  100ge9-1.core1.tor1.he.net []
  8    21 ms    23 ms    24 ms  connex-internet-services-inc.10gigabitethernet3-
1.core1.tor1.he.net []
  9   133 ms   112 ms    71 ms
 10    29 ms    29 ms    29 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 11    30 ms    30 ms    33 ms
 12    34 ms    34 ms    35 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 13    36 ms    47 ms    34 ms
 14    44 ms    40 ms    41 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 15    41 ms    41 ms    41 ms
 16    47 ms    56 ms    47 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 17    46 ms    47 ms    47 ms
 18    52 ms    52 ms    53 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 19    53 ms    54 ms    55 ms
 20    64 ms    62 ms    61 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 21    61 ms    59 ms    60 ms
 22    65 ms    64 ms    66 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 23    67 ms    66 ms    65 ms
 24    73 ms    71 ms    71 ms  240.xxx.xxx.xxx.myispnamewashere.ca [xxx.xxx.xxx.240]
 25    73 ms    78 ms    73 ms  ^C


So.... it's hitting my .240 address, and looping around somehow. Does anyone know what's going on?
Question by:Frosty555

Expert Comment

ID: 40307159

Sounds to me like you don't have a static route to those other segments. I'll look at my router tomorrow and see what I did for mine.

Good Luck!
LVL 18

Assisted Solution

Akinsd earned 2000 total points
ID: 40307236
I'm surprised that you were able to add the 2 addresses on the firewall. More surprised that you were able to assign .240 address with a /30 notation on an interface.
From your statement above, you have x.x.x.240 /30 address meaning your network ID is x.x.x.240 and your broadcast address is x.x.x.243. The only available addresses to use are x.x.x.241 and .242. I'm curious to find out what your gateway on the ISP side is.

/30 addresses are point to point links

Something is not adding up.

Well, with that mystery aside, you should check your route statements. The issue is on 240.x.x.x because that's where the route loop started from. Check that the default gateway (default route) is not (that's what it seems like to me)
TTL decreases as it hits a routable interface (decrements by 1). The two routers are bouncing traffic between themselves and the TTL eventually becomes 0 and the traffic stops. Without TTL, the madness would go on forever.

Again, check the route statements or route map on the 240.x.x.x router. That's where the problem is
LVL 31

Author Comment

ID: 40313278

Yeah I agree with you - they advertised it as 2x static IP addresses, they said it was a /30 block, customer support suggested that the available addresses should be .241 and .242, and yet when I got the invoice it has a line item titled "4 IPs (/30 subnet) $5/month", the PPPoE interface in pfSense gets the .240 address as its first address, and I can do NAT on all four IPs, .240, .241, .242 and .243 without any difficulty. The customer service for my ISP is pretty weak, so you have to take everything they say with a grain of salt.

So you're right, something doesn't add up, and my guess is that what the ISP is calling a "/30" block is referring to something different than what you and I are used to.

And indeed, the gateway on the ISP side, as provided by the PPPoE interface, is, Subnet mask is The first three stanzas of that IP address are significantly different from the static IPs that have been assigned to me.

Okay so you put me on the right path, I checked in Diagnostics->Routes and I could see that only the .240 address was listed in the routing table. Meaning my pfSense router was sending packets destined for xxx.xxx.xxx.241 right back out to the ISP's gateway, who sent the packets right back to me, and they went back and forth until the TTL expired.

I went back into the Virtual IP Address section, and almost by accident, I set the "Interface" to be "LAN" instead of WAN.

After I did that, I was able to ping the address properly, and the NAT is still working.

That seems weird to me. I thought the interface for this virtual IP ought to be WAN. Does that sound right to you?
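The loop Frosty555 found in Diagnostics->Routes, modelled as an added example (Python written for this edit, not code from the thread or from pfSense). It assumes the ISP gateway routes the whole /30 at the pfSense box, uses constructed 203.0.113.0/24 placeholder addresses, and models the fix simply as the .241 alias being present as a local address in the routing table.

```python
# Added example, not from the original thread: a minimal model of the
# "TTL expired in transit" loop, showing where a packet to the .241 alias
# ends up before and after the alias exists as a local address on the router.
# Addresses are constructed placeholders from the 203.0.113.0/24 range.
import ipaddress

ALIAS = "203.0.113.241"  # stands in for xxx.xxx.xxx.241

# Routing tables: prefix -> next-hop node name, or "local" for own addresses.
# "isp" is the ISP-side PPPoE gateway, "cpe" is the pfSense box on .240.
# Assumption: the ISP routes the whole /30 at the CPE.
BROKEN = {
    "isp": {"203.0.113.240/30": "cpe"},
    "cpe": {"203.0.113.240/32": "local", "0.0.0.0/0": "isp"},  # only .240 local
}
FIXED = {
    "isp": {"203.0.113.240/30": "cpe"},
    "cpe": {"203.0.113.240/32": "local", ALIAS + "/32": "local", "0.0.0.0/0": "isp"},
}

def lookup(table, dst):
    """Longest-prefix match of dst against one node's table."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nh in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def forward(tables, start, dst, ttl):
    """Forward one packet; returns (outcome, node) where it ended up."""
    node = start
    while True:
        nh = lookup(tables[node], dst)
        if nh == "local":
            return ("delivered", node)
        if nh is None:
            return ("unreachable", node)
        ttl -= 1                          # each router decrements TTL before forwarding
        if ttl == 0:
            return ("ttl-expired", node)  # ICMP Time Exceeded is sent by this node
        node = nh

def traceroute(tables, start, dst, max_hops=6):
    """Emulate traceroute: probe with TTL 1, 2, ... and record who answered."""
    hops = []
    for ttl in range(1, max_hops + 1):
        outcome, node = forward(tables, start, dst, ttl)
        hops.append((node, outcome))
        if outcome != "ttl-expired":
            break
    return hops
```

With the broken table every even-numbered probe expires at the pfSense box, which is the alternating ".240" pattern in the posted tracert; with the alias local, the second probe is delivered.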
LVL 18

Accepted Solution

Akinsd earned 2000 total points
ID: 40320590
You may be able to configure NAT on the four IPs but only 1 of them is beneficial to you.
240 is your network identifier and 243 is your broadcast address. Neither of these can be configured on a host. They are valid IPs but they assume specific roles.
I understand the ISP billing for 4 addresses. 240 and 243 are still IP addresses. 241 is on your interface which most likely connects to a modem .242 Those account for your 4 addresses but the only one you can NAT to is the 241 in overload mode.

Your connection to the ISP is technically a WAN connection but in reality, it is a LAN. Your router is connecting to a modem which connects to the ISP. Meaning your direct connection to the modem is a LAN.

WANs are generally used on Serial Ports connecting to ATM, Frame Relay, MPLS etc. You are not directly connected to those, therefore, your connection is a LAN.

I hope that helps
