I think this might be an issue with the setting of "Skip Rules When Gateway is Down". It seems I want this setting enabled so that when the cable modem gateway specified in the allow rule is down, the rule doesn't just turn into an allow rule for the default gateway (which has become the 3g backup connection).

https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html

-Rico

Hi,

Without seeing other details of your configuration, it seems that you may have to use "policy based routing" in your LAN rules, meaning you may have to assign two rules and specify which gateway to use for the two different destinations.
in the rules section, click on Advanced, and scroll down and then specify which gateway.
this may help. we had a similar issue recently with our multi-wan setup.

Okay, that issue were going pretty weird already.

You can simply check your public IP by going to https://whatismyipaddress.com or something like that in the clients browser.

I've set up a VIP between my two BGP routers, and set upstream gateway to this VIP

@Raffi_ Yep, I've got it set up like that already.

@johnpoz The LAN subnet configuration was ok, because I changed it when I installed the pfsense (otherwise as you said before it would have overlapped ISP router’s LAN). Looks a lil strange to me that I didn’t find the problem. Maybe looking at the state table would have been a good idea but since I’ve solved it “the easy way” and the state table is now renewed it’s useless now to take a look at it. Thanks for the help by the way!

Cannot see any files. Just take screenshots of the modem gui pages

@brightwolf You can set a custom MAC address after you enable an interface.

screenshot673423.png

5th line down, under the specific interface settings screen.

Jeff

@dgilmour77 , I have the same problem with a configuration similar to yours. I cannot recall it for sure, but I think DynDNS worked OK in dual WAN prior to release 2.4. Pfsense documentation advises us to use GW groups as interfaces for DynDNS, but doing so has the effect you have described.

I wonder if something like that happens with dual WAN load balancing scenarios, i.e., although both WANs may be up, traffic will only flow through one of them.

BTW, as for the DynDNS situation, I am using the workaround suggested by @viragomann.

@Rico The configuration for each interface did not have the name or the gateway configured.

Once I configured those I could set a monitor IP and everything worked.

@gswhite said in pFsense unable to install packages:

Anyone come across this issue before please that could offer advice or help?

Try running these from a console and make sure you are on 2.4.5-p1:

pkg-static -vv
pkg-static update -f
pkg-static upgrade -n

@heper said in Gateway based on source:

@sr10977 said in Gateway based on source:

If traffic comes in to WAN A, it goes out via WAN A (default)
If traffic comes in to WAN B, it goes out via WAN A (default)

that's not default ... that's assymetric routing & will fail miserably.

you probably have some configuration problem

this behavior occurs when upstream gateway is not set on WAN interfaces

@JeGr said in Multiple Gateways on same subnet:

Why not simply reconfigure those routers

Because some devices (not mine) directly connected to router 1 have in their routing table certain rules to redirect traffic through 10.1.0.4. Hence those routers need to be on the same subnet.

These routers are shared by around 20 people, in 4 rooms on single floor. Hence I cannot change settings on those routers.

Updated setup :

Router 1 (College Campus) : 10.1.0.1/16
Router 2 (ISP Router) : 10.1.0.4/16
Both Routers connected to each other. Hence R1, R2, pfSense WAN on same layer 2 network.

pfSense :
WAN 1 : 10.1.0.2/30 Gateway : 10.1.0.1 (Default Route)
WAN 2 : 10.1.0.5/30 Gateway : 10.1.0.4
LAN 1 : 192.168.1.1/24

Firewall Rules for LAN :
Alias containing FQDN of all websites :
6b96fa66-776e-4ff8-bbe7-aedc38148776-image.png
LAN Firewall Rules :
3afd9723-cda6-4f17-aa55-6f24bb65fd59-image.png

Traceroute Diagnostics :
8e909d0a-e047-4a0a-b12c-790c0c05c888-image.png

Results :
e5319961-1ec7-4e52-aa9a-b74a76de46e9-image.png

Test (if BlockedWebsites firewall rule is disabled)
b0c5d34f-029d-4947-a6a8-1741f6e7d4af-image.png

So yes, I believe that Sophos ( the firewall which my campus uses) blocks access to the TLD name, hence blocking any chance of redirect. So I guess I was partly right in saying that Sophos can't really block CDNs since many websites originate from the very same CDN.

Also, I still can't understand properly what causes so much trouble if both the gateways are on the same subnet.

I understand reverse proxy could help, although I'm not sure the appliances in question would be happy with it.