Pinging WAN IP address results in "TTL expired in transit"

Posted on 2014-09-05
Last Modified: 2014-09-13
My ISP provides a VDSL internet service and I'm using a modem that is configured to be in "bridge" mode. I recently signed up to have a block of static IP addresses with my ISP. They gave me a /30 block, let's call it So I have these IP addresses I can work with:

I'm using pfSense 2.0 as my router. I have a WAN interface configured as a PPPoE interface. It gets the IP address dynamically. I then configured three "Virtual IPs" in the Firewall section for the other three IP addresses, and

So far, everything works. I tested out a few NAT rules, and tested NAT reflection, everything works great!

I wanted to allow pinging the address, so I added a rule to the firewall to allow pinging from the outside world to the WAN IP address ( Under Firewall->Rules->WAN Tab, I added a rule to allow "ICMP echoreq" from Source: *, to Destination: WAN Address.

Applied this rule, and I can now ping, no problems!

So, I added another rule to the firewall to allow pinging I thought it would work the same as the first IP address.

Unfortunately, this doesn't work. When I ping that address, I get "TTL expired in transit".

So I tried running a tracert from a computer outside of my network. This is the result:

  1    <1 ms    <1 ms    <1 ms
  2     *        *        *     Request timed out.


  6    25 ms    26 ms    23 ms []
  7    32 ms    23 ms    23 ms []
  8    21 ms    23 ms    24 ms  connex-internet-services-inc.10gigabitethernet3- []
  9   133 ms   112 ms    71 ms
 10    29 ms    29 ms    29 ms []
 11    30 ms    30 ms    33 ms
 12    34 ms    34 ms    35 ms []
 13    36 ms    47 ms    34 ms
 14    44 ms    40 ms    41 ms []
 15    41 ms    41 ms    41 ms
 16    47 ms    56 ms    47 ms []
 17    46 ms    47 ms    47 ms
 18    52 ms    52 ms    53 ms []
 19    53 ms    54 ms    55 ms
 20    64 ms    62 ms    61 ms []
 21    61 ms    59 ms    60 ms
 22    65 ms    64 ms    66 ms []
 23    67 ms    66 ms    65 ms
 24    73 ms    71 ms    71 ms []
 25    73 ms    78 ms    73 ms  ^C

So.... it's hitting my .240 address, and looping around somehow. Does anyone know what's going on?
Question by:Frosty555

Expert Comment

Sounds to me you don't have a static route to those other segments.  I'll look at my router tomorrow and see what I did for mine.

Good Luck!
LVL 18

Assisted Solution

Akinsd earned 500 total points
I'm surprised that you were able to add the 2 addresses on the firewall. More surprised that you were able to assign .240 address with a /30 notation on an interface.
From your statement above, you have x.x.x.240 /30 address, meaning your network ID is x.x.x.240 and your broadcast address is x.x.x.243. The only available addresses to use are x.x.x.241 and 242. I'm curious to find out what your gateway on the ISP side is.

/30 addresses are point to point links

Something is not adding up.

Well, with that mystery aside, you should check your route statements. The issue is on 240.x.x.x because that's where the route loop started from. Check that the default gateway (default route) is not (that's what it seems like to me)
TTL decreases as it hits a routable interface (decrements by 1). The two routers are bouncing traffic between themselves and the TTL eventually becomes 0 and the traffic stops. Without TTL, the madness would go on forever.

Again, check the route statements or route map on the 240.x.x.x router. That's where the problem is
LVL 31

Author Comment

Yeah I agree with you - they advertised it as 2x static IP addresses, they said it was a /30 block, customer support suggested that the available addresses should be .241 and .242, and yet when I got the invoice it has a line item titled "4 IPs (/30 subnet) $5/month", the PPPoE interface in pfSense gets the .240 address as its first address, and I can do NAT on all four IPs, .240, .241, .242 and .243, without any difficulty. The customer service for my ISP is pretty weak, so you have to take everything they say with a grain of salt.

So you're right, something doesn't add up, and my guess is that what the ISP is calling "/30" block is referring to something different than what you and I are used to.

And indeed, the gateway on the ISP side, as provided by the PPPoE interface, is, Subnet mask is The first three stanzas of that IP address are significantly different from the static IPs that have been assigned to me.

Okay so you put me on the right path, I checked in Diagnostics->Routes and I could see that only the .240 address was listed in the routing table. Meaning my pfSense router was sending packets destined for right back out to the ISP's gateway, who sent the packets right back to me, and they went back and forth until the TTL expired.

I went back into the Virtual IP Address section, and almost by accident, I set the "Interface" to be "LAN" instead of WAN.

After I did that, I was able to ping the address properly, and the NAT is still working.

That seems weird to me. I thought the interface for this virtual IP ought to be WAN. Does that sound right to you?
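
The routing loop diagnosed above, modelled in Python as an added example that is not part of the original thread. The addresses are constructed from documentation ranges (the thread's real IPs are not shown), and the two route tables are assumptions based on the author's description of Diagnostics->Routes: the ISP routes the whole block to the customer, while the customer router only treats the listed addresses as local.

```python
import ipaddress

# Constructed addresses (documentation range), not the poster's real block.
BLOCK = ipaddress.ip_network("203.0.113.240/30")
WAN_IP = ipaddress.ip_address("203.0.113.240")  # address handed out over PPPoE
VIP = ipaddress.ip_address("203.0.113.241")     # a Virtual IP from the block


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, ttl=30):
    """Forward hop by hop, decrementing TTL each time a router forwards.
    Returns (outcome, path); outcome is 'delivered' or 'ttl-expired'."""
    node, path = start, []
    while ttl > 0:
        path.append(node)
        hop = lookup(tables[node], dst)
        if hop == "local":
            return "delivered", path
        ttl -= 1
        node = hop
    return "ttl-expired", path


def build_tables(customer_local_ips):
    """Assumed route tables: the ISP sends the block to the customer; the
    customer has a default route to the ISP plus /32 routes for local IPs."""
    net = ipaddress.ip_network
    isp = [(BLOCK, "customer")]
    customer = [(net("0.0.0.0/0"), "isp")]
    customer += [(net(f"{ip}/32"), "local") for ip in customer_local_ips]
    return {"isp": isp, "customer": customer}


if __name__ == "__main__":
    broken = build_tables([WAN_IP])       # only .240 is in the routing table
    fixed = build_tables([WAN_IP, VIP])   # router now owns the VIP as well
    for name, tables in (("broken", broken), ("fixed", fixed)):
        outcome, path = trace(tables, "isp", VIP)
        print(name, outcome, len(path), "hops:", " -> ".join(path[:6]))
```

In the broken table the path alternates between the two routers until the TTL runs out, which matches the repeating pairs of hops in the tracert output above.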
LVL 18

Accepted Solution

Akinsd earned 500 total points
You may be able to configure NAT on the four IPs but only 1 of them is beneficial to you.
240 is your network identifier and 243 is your broadcast address. Neither of these can be configured on a host. They are valid IPs but they assume specific roles.
I understand the ISP billing for 4 addresses. 240 and 243 are still IP addresses. 241 is on your interface which most likely connects to a modem, .242. Those account for your 4 addresses but the only one you can NAT to is the 241 in overload mode.

Your connection to the ISP is technically a WAN connection but in reality, it is a LAN. Your router is connecting to a modem which connects to the ISP. Meaning your direct connection to the modem is a LAN.

WANs are generally used on Serial Ports connecting to ATM, Frame Relay, MPLS etc. You are not directly connected to those, therefore, your connection is a LAN.

I hope that helps
