Netgate Discussion Forum

    Multi WAN and incoming connections

    Routing and Multi WAN
    madivad

      OK, I thought I had it all sorted. I have pfSense, 2x internet connections, multi-WAN enabled, and it seems to be functioning well most of the time.

      I have several real and virtual servers set up, no 1:1 setup, but all the rules appear to be working as expected.

      There are minimal ports open to the internal network, but they are 2 web servers sharing an internal IP on a VM being served by apache virtual hosts.

      I know it wasn't required, but I did split the web servers via DNS to come in on each of the external IPs, i.e., each domain name came in on one IP only.

      Both domains work without any hitches whatsoever under normal operations.

      My connections are 100MBit and 20MBit and I can generally download 120MBit anytime.

      I have the load balancer set up and it mostly seems to work.

      Tonight we had an actual outage on one of the lines and unfortunately it was the incoming for the website I am currently working on. Fine for me locally, but the remote users couldn't access it.

      What was interesting is that I couldn't get to either of them. Initially I didn't think much of that and I logged into my DNS and added the IP address of the server incoming connection that was up and added the website I was working on.

      To my surprise, I could not get to either of the websites.

      I struggled with it for some time before I gave up.

      Lo and behold, when the service comes back up, I am able to access both web servers externally again.

      Internally there was never a problem, but externally, while one of the lines was down, I couldn't get to either, and that was under normal conditions (each server with its own public IP, even if one of them was down) and even with both servers having both IPs entered into the DNS.

      From the top, my routing is the first three images. My gateway groups are the 4th image.

      The remaining images are the firewall NAT and rules for each interface.

      The oddest thing about it, though, was that the firewall logs were indicating that a connection was being made and there was traffic being passed through. But I wasn't seeing it on the phone I was using that was disconnected from the wifi.

      Apache logs from the webserver also confirm there were no active connections until both lines were up.

      I know I probably haven't included enough yet, but if anyone could steer me in the right direction I'd appreciate it.

      mwan1-routing.png
      mwan-routingwan1.png
      mwan-routingwan2.png
      mwan-groups.png
      mwan-firewall-nat.png
      mwan-firewall-rules-wan1.png
      mwan-firewall-rules-wan2.png
      mwan-firewall-rules-lan.png
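The symptom the post ends on, inbound connections that the pfSense firewall log shows as passed but that never appear in the Apache access log, is worth checking mechanically rather than by eye, because the pattern of which WAN interface the unanswered connections arrive on is the clue to a broken return path. The script below is an added example, not code from the post or from Netgate: it parses pfSense `filterlog` lines and Apache combined-format lines, pairs each passed inbound SYN to a web port with an Apache request from the same client within a short window, and reports the connections that were passed at the firewall but never reached the web server, grouped by WAN interface. The `filterlog` CSV field order, the sample log lines, the interface names `em0`/`em1`, the address `10.0.0.30` and the assumption that both logs are in UTC are all constructed for the example.

```python
"""Correlate pfSense filterlog 'pass' entries with Apache access-log hits.

Added example (not from the forum post). A passed inbound SYN with no
matching Apache request within the window means the handshake never
completed; if those all sit on one WAN interface, the return path for
that WAN is the first thing to inspect.
Assumptions: pfSense filterlog CSV field order as listed in parse_filterlog,
both logs in UTC, and the constructed sample lines below.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed pfSense syslog lines carrying filterlog CSV bodies:
# three inbound TCP SYNs to the web VM (10.0.0.30 as logged after the
# port forward), one via em0 (WAN1) and two via em1 (WAN2).
FILTERLOG = """\
Mar  3 21:10:01 pfsense filterlog[12345]: 5,,,1000000103,em0,match,pass,in,4,0x0,,64,1234,0,DF,6,tcp,60,203.0.113.10,10.0.0.30,51000,443,0,S,111111,,65535,,mss
Mar  3 21:10:05 pfsense filterlog[12345]: 7,,,1000000104,em1,match,pass,in,4,0x0,,64,1235,0,DF,6,tcp,60,203.0.113.10,10.0.0.30,51001,443,0,S,222222,,65535,,mss
Mar  3 21:10:09 pfsense filterlog[12345]: 7,,,1000000104,em1,match,pass,in,4,0x0,,64,1236,0,DF,6,tcp,60,203.0.113.44,10.0.0.30,40000,80,0,S,333333,,65535,,mss
"""

# Constructed Apache combined-format lines from the VM; only the first
# firewall entry above has a matching request.
APACHE = """\
203.0.113.10 - - [03/Mar/2025:21:10:02 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
"""

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ filterlog\[\d+\]: (.*)$")
APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def parse_filterlog(text, year):
    """Yield passed, inbound IPv4 TCP SYNs (no ACK) as dicts.

    Assumed CSV positions: 4=real interface, 6=action, 7=direction,
    8=IP version, 16=protocol text, 18=src, 19=dst, 20=sport, 21=dport,
    23=TCP flags. Syslog timestamps carry no year, so it is supplied.
    """
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        f = m.group(2).split(",")
        if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
            continue
        if f[6] != "pass" or f[7] != "in" or "S" not in f[23] or "A" in f[23]:
            continue
        yield {"time": ts, "iface": f[4], "src": f[18], "dst": f[19],
               "sport": int(f[20]), "dport": int(f[21])}


def parse_apache(text):
    """Return (client_ip, naive UTC timestamp) for each access-log line."""
    hits = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits.append((m.group(1), ts.astimezone(timezone.utc).replace(tzinfo=None)))
    return hits


def unanswered_passes(filterlog_text, apache_text, year,
                      web_ports=(80, 443), window=timedelta(seconds=30)):
    """Passed inbound SYNs to web ports with no Apache request from the
    same client inside `window` after the firewall saw the SYN."""
    hits = parse_apache(apache_text)
    missing = []
    for conn in parse_filterlog(filterlog_text, year):
        if conn["dport"] not in web_ports:
            continue
        seen = any(src == conn["src"] and conn["time"] <= t <= conn["time"] + window
                   for src, t in hits)
        if not seen:
            missing.append(conn)
    return missing


def missing_by_interface(missing):
    """Count unanswered connections per WAN interface."""
    return Counter(c["iface"] for c in missing)


if __name__ == "__main__":
    gaps = unanswered_passes(FILTERLOG, APACHE, 2025)
    for c in gaps:
        print(f"{c['time']} {c['iface']} {c['src']}:{c['sport']} -> "
              f"{c['dst']}:{c['dport']} passed, no Apache request")
    print("unanswered per interface:", dict(missing_by_interface(gaps)))
```

On the constructed input the only unanswered connections are the two that arrived on `em1`, which is the kind of one-sided count that points at the return path of that WAN rather than at the web server or the DNS records.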
