
Routing problem from local interface

Hi,

I have a virtual UTM running on an ESXi server, with two interfaces:

- ETH0, with a public IP 
- ETH1, with a local subnet 172.168.15.1



My problem is that I can't reach/ping anything on the WAN when I ping over the private interface (172.168.15.1):

PING 8.8.8.8 (8.8.8.8) from 172.168.15.1 eth1: 56(84) bytes of data.

From 172.168.15.1: icmp_seq=1 Destination Host Unreachable

From 172.168.15.1 icmp_seq=1 Destination Host Unreachable

From 172.168.15.1 icmp_seq=2 Destination Host Unreachable


I have another VMware guest in the private subnet with IP 172.168.15.100 and gateway 172.168.15.1 (the private IP of the UTM), from which I can successfully route out.
I have set a masquerading rule for that (Network: internal / Interface: public).

But I have no routing directly from 172.168.15.1.

This is my routing table:

default via 213.239.207.193 dev eth0  table 200  proto kernel onlink
default via 213.239.207.193 dev eth0  table default  proto kernel  metric 20 onlink
10.0.0.0/16 dev eth0  proto ipsec  scope link  src 172.168.15.1
10.242.2.0/24 dev tun0  proto kernel  scope link  src 10.242.2.1
127.0.0.0/8 dev lo  scope link
172.168.15.0/24 dev eth1  proto kernel  scope link  src 172.168.15.1
213.239.207.192/27 dev eth0  proto kernel  scope link  src 213.239.207.100
broadcast 10.242.2.0 dev tun0  table local  proto kernel  scope link  src 10.242.2.1
local 10.242.2.1 dev tun0  table local  proto kernel  scope host  src 10.242.2.1
broadcast 10.242.2.255 dev tun0  table local  proto kernel  scope link  src 10.242.2.1
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
broadcast 172.168.15.0 dev eth1  table local  proto kernel  scope link  src 172.168.15.1
local 172.168.15.1 dev eth1  table local  proto kernel  scope host  src 172.168.15.1
broadcast 172.168.15.255 dev eth1  table local  proto kernel  scope link  src 172.168.15.1
broadcast 213.239.207.192 dev eth0  table local  proto kernel  scope link  src 213.239.207.100
local 213.239.207.100 dev eth0  table local  proto kernel  scope host  src 213.239.207.100
broadcast 213.239.207.223 dev eth0  table local  proto kernel  scope link  src 213.239.207.100
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
local ::1 dev lo  table local  proto unspec  metric 0
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101


What am I missing?



  • Hi Guenther,

    Also, 172.168.x.y is not an IP range reserved for private subnets.  172.168.15.1 is a public IP belonging to Oath Holdings in New York City.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for pointing this out to me. You are right, this is not a private IP range; it should be something between 172.16.0.1 and 172.31.255.254.
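As an added example (not part of this thread), a small Python check that applies Bob's point to the routing table in the first post: it tests the source address of each route against the RFC 1918 blocks and flags routes on the interface meant to be internal (assumed here to be eth1) or on the IPsec route that carry a non-private source. The route lines are a constructed subset of the table shown above.

```python
import ipaddress
import re

# RFC 1918 private address blocks; 172.16.0.0/12 covers 172.16.x.x to 172.31.x.x only
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed subset of the "ip route" output posted in the thread
ROUTES = """\
default via 213.239.207.193 dev eth0  table 200  proto kernel onlink
10.0.0.0/16 dev eth0  proto ipsec  scope link  src 172.168.15.1
10.242.2.0/24 dev tun0  proto kernel  scope link  src 10.242.2.1
172.168.15.0/24 dev eth1  proto kernel  scope link  src 172.168.15.1
213.239.207.192/27 dev eth0  proto kernel  scope link  src 213.239.207.100
"""


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_routes(text: str, internal_ifaces=("eth1",)) -> list:
    """Return (dev, src, reason) tuples for routes whose source address is
    not RFC 1918 although the route belongs to an internal interface
    (assumed: eth1) or is the IPsec route towards the remote subnet."""
    findings = []
    for line in text.splitlines():
        dev = re.search(r"\bdev (\S+)", line)
        src = re.search(r"\bsrc (\S+)", line)
        if not (dev and src):
            continue  # no source address on this route, nothing to check
        dev, src = dev.group(1), src.group(1)
        proto = re.search(r"\bproto (\S+)", line)
        proto = proto.group(1) if proto else ""
        if dev in internal_ifaces and not is_rfc1918(src):
            findings.append((dev, src, "internal interface uses a non-RFC1918 source"))
        elif proto == "ipsec" and not is_rfc1918(src):
            findings.append((dev, src, "IPsec route sourced from a non-RFC1918 address"))
    return findings


if __name__ == "__main__":
    for dev, src, reason in audit_routes(ROUTES):
        print(f"{dev}: {src}: {reason}")
```

Running it reports both the eth1 route and the IPsec route, since 172.168.15.1 lies outside 172.16.0.0/12.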

  • Yes, I missed that too. Thanks, Bob.

    Please post if you still face the issue after correcting the IP address scheme.

    Regards

    Jaydeep

  • Yes, I haven't been able to route out from the Sophos UTM.

    This is what I want to do:

    Use a VPN tunnel and the remote IP as a gateway,

    so I can connect from the branch (France) to the HQ (Germany) and route out from there to the public internet.

    The VPN tunnel is up, but traffic doesn't leave the VPN remote subnet.

  • Please show us pictures of the Edits of the IPsec Connection and Remote Gateway in France.  Also of the corresponding configuration on the other side in Germany.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA