I understand this is a test setup, but the first question is... why are you using public IP's on your LAN?

Then... instead of us making assumptions, provide a network map to show how are things connected, so we can get a better view of your objective.

Lastly, what is your objective? Why are there two firewalls? Is there a reason 192.168.10.0/24 needs to be behind a 2nd firewall?

It did!

I just added the route and it complained it needed a new gateway first, added that then the static route, then went to the interfaces and changed the name, something that would've set it off for the deletion of the routes, this time the website responded back as it normally would.

Now I'm gonna make clones of this for the next step.

Thanks anyway! Hopefully leaving this here helps anyone else. :)

@kpa Thanks. I thought you could never address a 192.168.1.x address and similar outside your own subnet. Then it makes sense why the firewall would have an impossible task managing a setup with two similar subnets.

Thank you @jimp

That helps clarify quite a bit. There really isn't much available about the "Skip Rules" setting.

Based on the documentation, your answers are what I expected, but I wanted to be sure.

Thanks again,
Josh

Your alarm log seems to be showing 2 different dest_addr, 64.4.226.254 and 64.4.226.252. I'd suggest you look at your PPP log, I suspect the connection is dropping and being restarted frequently.

You can see here for example a PPPoE connection that went down unexpectedly because the LCP protocol stopped receiving replies and tore down the connection:

...lots more log about connection going down Jul 23 10:28:55 ppp [wan_link0] LCP: state change Opened --> Stopping Jul 23 10:28:55 ppp [wan_link0] LCP: peer not responding to echo requests Jul 23 10:28:55 ppp [wan_link0] LCP: no reply to 5 echo request(s) Jul 23 10:28:45 ppp [wan_link0] LCP: no reply to 4 echo request(s) Jul 23 10:28:35 ppp [wan_link0] LCP: no reply to 3 echo request(s) Jul 23 10:28:25 ppp [wan_link0] LCP: no reply to 2 echo request(s) Jul 23 10:28:15 ppp [wan_link0] LCP: no reply to 1 echo request(s)

Sorry for beeing unclear - at the beginning, I had an another initial situation.

I have 2x 1 GBit copper wan cables going inside to the firewall.

The other card with two ports in the firewall (I have 4x 1 GBit ports) is connected with a Cisco Layer 3 Switch/Router.

At the moment the Firewall is connected with a Carp interface to the Cisco switch and I want to change this to an LACP to get the, hopefully, possibility to utilize the two 1 GBit WAN ports.

Now (Failover):
CARP LAN with 2 ports -> pfSense -> 2x 1 GBit WAN links -> provider router

Later (Failover and 2 GBit on LAN side):
LAG with 2 ports -> pfSense -> 2x 1 GBit WAN links -> provider router

Edit
Got it... shitty VMware Workstation. Some trouble with duplicate Mac addresses.

The LACP is up and running but I can't verify my configured load-balance mode (src-ip). When I have one download I have 12 MB/s (LAN 100 MBit and WAN 1 GBit) and with two computers I have 2x 6 MB/s.

Edit2
Ok guys - in the end, I realized that one of the network cards are broken. After buying a new card - everything is working like a charm

Yeah, in fact it's working like a charm, it's communicating don't know why it was not before, but it seems ok.

Thanks again for your explanatiosn and your time :)

Fantastic, thanks!

Dear viragomann,

Thanks for the directives I shall certainly take a look into doing so when time permits.

Do have a pleasant weekending!
Peace
Fuquan

@awebster said in Routing from LAN to WAN Upstream Gateway not working:

A1

Now my brain has melted. However, on johnPOZ's suggestion I've now got VyOS running, relaying DHCP correctly and allowing bi-directional comms between my two test subnets, and from both subnets to the downstream gateway and on to the web.

I thank you for your help. Even if the result was to point me at another product to try :-)

You will have to disable gateway monitoring for the second WAN, so it can't detect if it's down, but otherwise it may function OK.

I think this has something to do with connecting pfsense wan to my ISPmodem(home hub 3000) and using the Advance DMZ? raceroute shows the second hop is my ISP router 192.168.0.11 however, pfsense is still getting a external IP 142.134.91.xx

maybe i am going down the wrong path here?

pfsense IP from advance DMZ:142.134.91.xx
gateway: 142.134.88.1
Monitor IP: 142.134.88.1
Bell router IP: 192.168.11
pfsense router IP: 192.168.0.2

Not sure what 192.168.2.1 is below in the dhcp catt from pfsense

traceroute to google.ca (172.217.10.131), 30 hops max, 60 byte packets
1 pfsense.WORKGROUP (192.168.0.2) 0.696 ms 0.661 ms 0.640 ms
2 bell router 192.168.0.11 (192.168.0.11) 1.858 ms 1.850 ms 1.854 ms
3 loop0.6cw.ba17.hlfx.ns.aliant.net (142.176.50.10) 1.928 ms 1.864 ms 1.804 ms
4 ae15-182.cr02.hlfx.ns.aliant.net (142.166.181.141) 1.868 ms 1.794 ms 1.803 ms

[2.4.3-RELEASE][root@router.WORKGROUP]/root: cat /var/db/dh
dhclient.leases.em0 dhclient.leases.em0.35
dhclient.leases.em0.34 dhclient.leases.em0_vlan35
[2.4.3-RELEASE][root@router.WORKGROUP]/root: cat /var/db/dhclient.leases.em0
lease {
interface "em0";
fixed-address 192.168.0.57;
option subnet-mask 255.255.255.0;
option routers 192.168.0.11;
option domain-name-servers 192.168.0.11,142.166.166.166;
option domain-name "home";
option broadcast-address 192.168.0.255;
option dhcp-lease-time 259200;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.0.11;
renew 0 2018/7/15 01:58:08;
rebind 1 2018/7/16 04:58:08;
expire 1 2018/7/16 13:58:08;
}
lease {
interface "em0";
fixed-address 192.168.0.55;
option subnet-mask 255.255.255.0;
option routers 192.168.0.11;
option domain-name-servers 192.168.0.11,142.166.166.166;
option domain-name "home";
option broadcast-address 192.168.0.255;
option dhcp-lease-time 259200;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.0.11;
renew 0 2018/7/15 01:43:10;
rebind 1 2018/7/16 04:43:10;
expire 1 2018/7/16 13:43:10;
}
lease {
interface "em0";
fixed-address 142.134.91.xx;
option subnet-mask 255.255.252.0;
option routers 142.134.88.1;
option domain-name-servers 47.55.55.55,142.166.166.166;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.2.1;
renew 1 2018/7/16 20:32:41;
rebind 1 2018/7/16 20:36:26;
expire 1 2018/7/16 20:37:41;
}
lease {
interface "em0";
fixed-address 142.134.91.xx;
option subnet-mask 255.255.252.0;
option routers 142.134.88.1;
option domain-name-servers 47.55.55.55,142.166.166.166;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.2.1;
renew 1 2018/7/16 20:42:44;
rebind 1 2018/7/16 20:46:29;
expire 1 2018/7/16 20:47:44;
}
lease {
interface "em0";
fixed-address 142.134.91.xx;
option subnet-mask 255.255.252.0;
option routers 142.134.88.1;
option domain-name-servers 47.55.55.55,142.166.166.166;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.2.1;
renew 1 2018/7/16 20:52:47;
rebind 1 2018/7/16 20:56:32;
expire 1 2018/7/16 20:57:47;
}
lease {
interface "em0";
fixed-address 142.134.91.xx;
option subnet-mask 255.255.252.0;
option routers 142.134.88.1;
option domain-name-servers 47.55.55.55,142.166.166.166;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.2.1;
renew 1 2018/7/16 21:02:50;
rebind 1 2018/7/16 21:06:35;
expire 1 2018/7/16 21:07:50;
}
lease {
interface "em0";
fixed-address 142.134.91.69;
option subnet-mask 255.255.252.0;
option routers 142.134.88.1;
option domain-name-servers 47.55.55.55,142.166.166.166;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 192.168.2.1;
renew 1 2018/7/16 21:12:53;
rebind 1 2018/7/16 21:16:38;
expire 1 2018/7/16 21:17:53;
}

Thank you very much for your help, I already solved by removing the NAT. regards

I recently upgrade to 2.4.3-RELEASE-p1 and this is working properly now. Not sure if the upgrade fixed it or maybe it just needed a reboot.