Firewalla routing 10.0.0.0 addresses via public internet

Follow

Michael J Gannon

• January 14, 2026 17:09

I am using a network in my home lab using 10.60.0.0/24 and could not reach my hosts from my LAN1 network

I logged into the Firewalla and did a traceroute to my host address and got

pi@Firewalla:~ (Firewalla2) $ traceroute 10.60.0.11
traceroute to 10.60.0.11 (10.60.0.11), 30 hops max, 60 byte packets
 1  154.61.62.145 (154.61.62.145)  3.723 ms  4.011 ms  4.349 ms
 2  172.16.0.37 (172.16.0.37)  5.062 ms  5.061 ms  5.016 ms

It seems the FW is routing packets destined for a 10.0.0.0/8 network externally

 

Once i added a static route internally, my traceroute worked as expected

 

pi@Firewalla:~ (Firewalla2) $ traceroute 10.60.0.11
traceroute to 10.60.0.11 (10.60.0.11), 30 hops max, 60 byte packets
 1  172.17.1.244 (172.17.1.244)  0.450 ms  0.334 ms  0.271 ms
 2  10.40.0.1 (10.40.0.1)  6.629 ms  6.580 ms  6.520 ms
 3  10.20.0.4 (10.20.0.4)  0.143 ms  0.091 ms  0.135 ms
 4  * * *
 5  * * *

 

Thoughts ?

 

 

0

• 

  FirewallaSupportDesk

  • January 15, 2026 00:42

  Is 10.60.0.0/24 NOT a Firewalla's own LAN network? Firewalla will treat any network spaces that are outside its own LAN/VPN network as internet. Firewalla doesn't have a route to an outside network, even though it's being a private IP range. Hence, a static route is required to route traffic correctly. 

  0

  Comment actions Permalink

Please sign in to leave a comment.