Route Table Contents

The current contents of the firewall route table are displayed by the GUI page at Diagnostics > Routes. The CLI can also display the route table using the command netstat -rWn.

Route Table GUI

The GUI route table contents look like Figure Route Table Display.

../../_images/routes.png

Route Table Display

The route table contents are described in detail later in this document.

Routing Table Display Options

The list of routes displayed by the GUI supports pagination and filtering to aid with viewing large routing tables such as those found with a full BGP feed. The top section of the page contains the following options which control the behavior of the page:

Resolve Names

This option controls whether or not the firewall attempts to resolve items using DNS. The default is unchecked, which disables DNS resolution. When checked, the firewall attempts a DNS lookup to show hostnames rather than IP addresses for route table entries.

Warning

Enabling this feature causes a delay and performance penalty as the page attempts to resolve all of the entries. As the size of the table increases, the delay will also increase and performance will degrade further.

Rows to display

This option controls the number of rows output from each route table (IPv4 and IPv6 are listed separately). By default the page displays 100 rows from each. Choose a new value to show more or fewer rows.

Filter

This text entry box defines a string or pattern which the page uses to search the route table for matching entries. The field supports regular expressions for advanced filtering, so characters such as . and * are interpreted as pattern metacharacters rather than literally.

Click Update to redisplay the routing table with the current settings.

Route Table CLI

Viewing the route table in the CLI is similar to the GUI. The same information is present, and the labels are similar.

The netstat -rWn command can be run from a console or SSH shell. The -r flag selects the routing tables, -W widens the output so that long addresses are not truncated, and -n prints numeric addresses instead of hostnames:

$ netstat -rWn
Routing tables

Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Expire
default            198.51.100.1       UGS         294   1500     vtnet0
127.0.0.1          link#4             UH        20976  16384        lo0
192.168.1.0/24     link#2             U             1   1500     vtnet1
192.168.1.1        link#2             UHS           0  16384        lo0
198.51.100.0/24    link#1             U           116   1500     vtnet0
198.51.100.1       ca:1d:62:6c:c6:9c  UHS         191   1500     vtnet0
198.51.100.103     link#1             UHS           0  16384        lo0

Omit the -n flag and the command will attempt to use DNS to resolve IP addresses to hostnames where possible. As with the Resolve Names option in the GUI, this slows the output, and on a large table or with an unresponsive resolver the command can stall for a considerable time.

IPv4 and IPv6 Route Table Content

The route table information output by either the GUI or the CLI contains the following fields:

Destination

The destination network or host for this route.

The default route for each address family is listed as default. Otherwise, hosts are listed as a single IP address and networks are listed with an IP address and CIDR mask or prefix.

Gateway

The next hop through which the firewall will route traffic going to the Destination.

If this column shows a link, such as link#1 (the number is the interface index), then that network is directly reachable through that interface and no next hop is needed. If a host is shown with a MAC address, then it is a locally reachable host with an entry in the ARP table, and packets are sent to it directly. If the column shows an IP address, that address is the next-hop router to which the firewall forwards packets for the Destination.

Flags

Properties of this route. See Route Table Flags for the meanings of each flag.

Uses

The total number of packets the firewall has sent via this route.

This is helpful for determining whether the firewall is actively using a route, as the value continually increments while packets utilize the route. A route whose counter never moves is either unused or shadowed by a more specific route.

MTU

The MTU for packets using this route.

Interface

The interface through which the firewall will route traffic for Destination.

Expire

An expiration time, in seconds, for temporary routes such as those added from ICMP redirects. Static and directly connected routes have no expiration and show an empty value here.

Route Table Flags

There are quite a few flags, all of which are covered in the FreeBSD man page for netstat(1). The portion of the content from that document covering flags is reproduced in Route Table Flags.

Route Table Flags

Letter   Flag             Meaning
1        RTF_PROTO1       Protocol specific routing flag #1
2        RTF_PROTO2       Protocol specific routing flag #2
3        RTF_PROTO3       Protocol specific routing flag #3
B        RTF_BLACKHOLE    Discard packets during updates
b        RTF_BROADCAST    Represents a broadcast address
D        RTF_DYNAMIC      Created dynamically by redirect
G        RTF_GATEWAY      Destination requires forwarding by intermediary
H        RTF_HOST         Host entry (net otherwise)
L        RTF_LLINFO       Valid protocol to link address translation
M        RTF_MODIFIED     Modified dynamically (by redirect)
R        RTF_REJECT       Host or net unreachable
S        RTF_STATIC       Manually added
U        RTF_UP           Route usable
X        RTF_XRESOLVE     External daemon translates proto to link address

For example, a route flagged as UGS is usable (U), packets are sent via the gateway listed rather than directly (G), and it was added manually, for instance from a static route or gateway configured in the GUI (S). A route flagged D or M was created or changed by an ICMP redirect; on a firewall such entries deserve a second look, since they mean a neighbor on a local segment steered traffic for that destination to a different next hop.
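The following is an added example, not code from the pfSense project or its documentation. It parses the netstat -rWn output shown above into route entries, expands the Flags column using the table in Route Table Flags, performs the same longest-prefix lookup the kernel does when picking a route for an address, classifies the Gateway column as the field descriptions above explain it, and lists any routes created or modified by ICMP redirects. The sample table is the page's own IPv4 output plus one constructed host route for 203.0.113.9 (flags UGHD, gateway 198.51.100.77, expiring in 595 seconds) to show what a redirect-created entry looks like; that line, the addresses looked up, and all function names are assumptions made for the example.

```python
"""Parse FreeBSD/pfSense `netstat -rWn` output and interpret it (added example)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Flag letters as documented in netstat(1); mirrors the Route Table Flags table.
ROUTE_FLAGS = {
    "1": "RTF_PROTO1", "2": "RTF_PROTO2", "3": "RTF_PROTO3",
    "B": "RTF_BLACKHOLE", "b": "RTF_BROADCAST", "D": "RTF_DYNAMIC",
    "G": "RTF_GATEWAY", "H": "RTF_HOST", "L": "RTF_LLINFO",
    "M": "RTF_MODIFIED", "R": "RTF_REJECT", "S": "RTF_STATIC",
    "U": "RTF_UP", "X": "RTF_XRESOLVE",
}

# Constructed sample: the page's IPv4 table plus one assumed redirect-created route.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Expire
default            198.51.100.1       UGS         294   1500     vtnet0
127.0.0.1          link#4             UH        20976  16384        lo0
192.168.1.0/24     link#2             U             1   1500     vtnet1
192.168.1.1        link#2             UHS           0  16384        lo0
198.51.100.0/24    link#1             U           116   1500     vtnet0
198.51.100.1       ca:1d:62:6c:c6:9c  UHS         191   1500     vtnet0
198.51.100.103     link#1             UHS           0  16384        lo0
203.0.113.9        198.51.100.77      UGHD          3   1500     vtnet0    595
"""


@dataclass
class Route:
    family: str                      # "inet" or "inet6"
    destination: ipaddress.IPv4Network | ipaddress.IPv6Network
    gateway: str
    flags: str
    use: int
    mtu: int
    netif: str
    expire: str | None = None


def decode_flags(flags: str) -> list[str]:
    """Expand a Flags string such as 'UGS' into its RTF_* names."""
    return [ROUTE_FLAGS.get(ch, f"unknown({ch})") for ch in flags]


def _to_network(dest: str, family: str):
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0" if family == "inet" else "::/0")
    dest = re.sub(r"%[^/]+", "", dest)          # drop IPv6 scope id (fe80::%vtnet0)
    return ipaddress.ip_network(dest, strict=False)   # bare hosts become /32 or /128


def parse_netstat(text: str) -> list[Route]:
    """Turn `netstat -rWn` output into Route records (both address families)."""
    routes, family = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Routing tables" or line.startswith("Destination"):
            continue
        if re.fullmatch(r"Internet6?:", line):  # section header selects the family
            family = "inet6" if line.startswith("Internet6") else "inet"
            continue
        fields = line.split()
        if family is None or len(fields) < 6:
            continue
        dest, gw, flags, use, mtu, netif = fields[:6]
        expire = fields[6] if len(fields) > 6 else None
        routes.append(Route(family, _to_network(dest, family), gw, flags,
                            int(use), int(mtu), netif, expire))
    return routes


def lookup(routes: list[Route], address: str) -> Route | None:
    """Longest-prefix match: the most specific usable (U) route containing the address."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if "U" in r.flags
                  and r.destination.version == addr.version and addr in r.destination]
    return max(candidates, key=lambda r: r.destination.prefixlen, default=None)


def next_hop_kind(route: Route) -> str:
    """Describe the Gateway column the way the field descriptions explain it."""
    if "R" in route.flags:
        return "unreachable (reject route)"
    if "B" in route.flags:
        return "discarded (blackhole route)"
    if route.netif == "lo0" and "H" in route.flags:
        return "address of the firewall itself"
    if route.gateway.startswith("link#"):
        return f"directly connected via {route.netif}"
    if re.fullmatch(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", route.gateway):
        return f"on-link host {route.gateway} (ARP entry) via {route.netif}"
    return f"forwarded to gateway {route.gateway} via {route.netif}"


def redirect_routes(routes: list[Route]) -> list[Route]:
    """Routes created (D) or modified (M) by ICMP redirects; review these on a firewall."""
    return [r for r in routes if "D" in r.flags or "M" in r.flags]


if __name__ == "__main__":
    table = parse_netstat(SAMPLE_NETSTAT)
    for target in ("10.0.0.5", "192.168.1.50", "192.168.1.1", "203.0.113.9"):
        r = lookup(table, target)
        print(f"{target:15} -> {str(r.destination):18} {r.flags:5} {next_hop_kind(r)}")
    for r in redirect_routes(table):
        print("redirect route:", r.destination, decode_flags(r.flags), "expires in", r.expire)
```

Run it as a script to see the four lookups resolve to the default route, the connected LAN network, the firewall's own LAN address, and the redirect-created host route respectively. To use it against a live firewall, feed it the real output instead of the constructed sample (for example, `parse_netstat(subprocess.check_output(["netstat", "-rWn"], text=True))`) and treat anything returned by redirect_routes that you did not expect as a prompt to check which device on that segment is sending redirects.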