2

Initially I had a raspberry pi/pi2 on my network beating my router dhcp server and serving up IPs and because of some default options Windows clients started receiving the IP address of the pi2 dhcp server as its gateway. I fixed that by adding specific gateway router option to my dhcpd config on the raspberry pi.

But apparently on my Windows 10pc .200 I keep getting this seeming manual route (regardless if over wifi or lan) to one of my PCs lets call it 192.168.1.100 with netmask 255.255.255.255 and gateway 192.168.1.50 (pi2 address)

So when I do route print it gives:

192.168.1.100  255.255.255.255     192.168.1.50   192.168.1.200     26

So because of this I can't connect/ping from my Windows 10pc to the .100 ip

It will work after I route delete -p 192.168.1.100 but later it re-adds itself

netsh interface ipv4 show route:

No       Manual    1    192.168.1.100/32          10  192.168.1.50

I looked in registry and I didn't see any persistent routes in there (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes )

How can I tell from where/how this phantom network route keeps coming back?

UPDATE: I just came back to use PC and again I found that route was re-added: 

192.168.1.100  255.255.255.255     192.168.1.50   192.168.1.200     26

and when I do arp -a I no longer see an entry at all for 192.168.1.100 and I can't ping or connect to .1.100 until I again route delete it.

Improve this question
2
  • Might be your router that has the long memory. Try to delete the route and immediately reboot the router.
    – harrymc
    Commented Jul 26, 2019 at 16:15
  • you think my 192.168.1.1 router is giving out the wrong route or you mean the raspberry pi2 whose ip is .1.50 is giving out the bad route? my only confusion is that before the network/lan pc's were setting .1.50 as their gateway for the entire .1.0/24 network not just a specific route. And after I set on the pi2 .1.50 a specific router option to set gateway address to .1.1 then the PCs no longer had .1.50 for the gateway to .1.0/24 network. I guess it wouldn't hurt to Reboot the pi2 just in case though I did stop restart service etc previously. thx
    – htfree
    Commented Jul 26, 2019 at 20:10

1 Answer 1

Reset to default
0

/32 routes can appear due to an ICMP Redirect, if the firewall is configured to accept them.

Take a look at your ARP cache using arp -a – does it list the correct MAC address next to 192.168.1.100? It might be pointing to a device that used to be .1.100, but isn't anymore; so when your outdated ARP cache entry directs the packets there, the device with that MAC address redirects you to what it thinks is a more correct path.

(The "correct path" is based on what the MAC address' owner has as its default gateway.)

Improve this answer
3
  • Interesting info but in my case I just checked arp -a and MAC for .1.100 matches what I see when I look at ipconfig /all on that machine. And .1.100 is a manually set static IP address. But my .200 windows10pc exhibiting problem is set to DHCP. I'm guessing I can maybe fix by making this .200 to be manual/static-IP but i'd rather diagnose issue if possible to avoid similar in the future.
    – htfree
    Commented Jul 26, 2019 at 15:00
  • I'll try to redo the arp -a command again when that static route gets re-added. Right now I ran it "after" I already removed the bad route with route delete.
    – htfree
    Commented Jul 26, 2019 at 15:07
  • arp -a gives same "correct" MAC address for .1.100 whether during wrong route present or during time its deleted. But interestingly arp -a says its "dynamic" when in fact that win7pro system has its IP set statically not with DHCP.
    – htfree
    Commented Jul 26, 2019 at 23:19

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .