Netgate Discussion Forum

    pfBlockerNG 3.1.0_7 prevents dual WAN failback

    • mikst

      I am new to pfSense and not sure if I am doing anything wrong. I have a dual fail-over WAN setup. pfBlockerNG seems to block the setup from failing back after the main WAN recovers. I tested it a few times and it's consistent.

      With pfBlockerNG disabled, pfSense fails back to the main WAN in less than a minute, right away when I see it reporting that default gateway is default again. With pfBlockerNG enabled, pfSense restores default gateway as fast, however traceroute never reports failing back to the default WAN.

      • SteveITS @mikst

        What parts of pfBlockerNG-devel are you using? For instance if you have DNSBL, and you just disable that does it fail back?

        Edit: are you saying it used to work and broke in _7?

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
        Upvote 👍 helpful posts!

        • mikst @SteveITS

          @steveits Just tried with DNSBL disabled, same result. I did not configure MaxMind. Let me know if you want me to try some specific configuration.
          _7 is the first version I use. The WAN failover recovers when I disable pfBlockerNG completely in the general settings. I disable pfBlockerNG and traceroute shows the default WAN again.
          I am using SG-3100.

          • SteveITS @mikst

            @mikst Does it fail back if you browse to the System/Routing page? (rather old bug I thought was fixed)

            What does Status/Gateways show when it isn't working?

            You're sure it's not just an open state for the traceroute? (i.e. try other targets)

            • mikst @SteveITS

              @steveits The Gateway status shows the right default gateway but traceroute still shows the fail-over WAN.

              It does not fall back by just going to the Routing page. Traceroute starts showing the default WAN the moment I turn off pfBlockerNG.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.