Unable to get traffic over Opt1 in Dual Wan setup
-
What's the status for wanadoo at status>interfaces?
Also can you ping the wanadoo gateway directly from the pfsense at diagnostics>ping?
One thing that makes me wonder is why you can still get internet access from LAN subnet. Your rules should send it out wanadoo and in case it is down you should not be able to get to the internet from there.
You did apply the rules, right?
-
Hi Hoba,
Status -> interfaces -> WANadoo = up
Diagnostics -> ping ->
Host 192.168.1.1
Interface Wanadoo
count 3
Ping output:
PING 192.168.1.1 from 192.168.1.11: 56 databytes,
3 packets transmitted, 3 packets received,
Diagnostics -> ping ->
Host 192.168.1.1
Interface LAN
count 3
Ping output:
PING 192.168.1.1 from 192.168.2.1: 56 databytes,
3 packets transmitted, 3 packets received,
Yes, ping to the WANadoo gateway is not a problem, but if I do:
Diagnostics -> ping ->
Host 145.52.123.4 (some external ip)
Interface Wanadoo
count 3
Ping output:
PING 145.52.123.4 from 192.168.1.11: 56 databytes,
3 packets transmitted, 0 packets received, 100% packet loss.
Since this wanadoo connection works in routed mode to make sure this modem is not being funny, I also have a notebook connected as 192.168.1.33, that I am using now to type this reply. So the internet connection over this routed modem works for sure.
quote:
One thing that makes me wonder is why you can still get internet access from LAN subnet. Your rules should send it out wanadoo and in case it is down you should not be able to get to the internet from there.
/quote
That is exactly why I am posting here; in my previous post I quoted my rules exactly as they are.
My LAN connections have via DHCP a 192.168.2.x IP with gateway 192.168.2.1, so it is really firewall related.
I have some additional NAT entries, but they all relate to the DMZ, for example:
Firewall -> NAT -> Port Forward
If | Proto | Ext. port range | NAT IP | Int. port range | Description
WAN | TCP | 22 | 192.168.10.111 | 22 | SSH access
Corresponding rule:
Firewall -> Rules -> WAN
Proto | Source | Port | Destination | Port | Gateway | Description
* | Some ext IP | * | 192.168.10.111 | 22 | * | NAT SSH access
and some more for other ports.
I have NO Firewall -> Rules entry for Wanadoo, only a single entry in DMZ to block off LAN access:
Proto | Source | Port | Destination | Port | Gateway | Description
* | DMZ net | * | !LAN net | * | * | Permit DMZ to any BUT LAN
I hoped to post that I was stupid and made a small mistake and have it sorted, but not yet. I seem to be unable to spot the cause..
Hoping to have provided all needed information for hopefully a suggestion
regards,
rowdy
-
Something is wrong. Maybe just a typo somewhere… I suggest restarting the configuration from scratch ::)
-
Hi,
It works now !!!
I rechecked all rules, NAT entries etc. Did edit and save on each one.. it did not yet work.. but then I did a reboot and it started working.
So for some reason the firewall rules did not load correctly or better said; did not change without a system reboot.
Anyway I hope my config posted here might work as a reference for some of you out there..
cu
-
Sounds as a bug?
I got the same problems; see catch all forum and search for bug report.
-
I just installed a multiwan system at a location with port forwards at optwan and policy-based routing for outgoing traffic. Didn't run into this problem. Please try to reproduce step by step and post the steps how to reproduce this problem.
-
Hi Rob / Hoba
Hoba, it seems we were typing at the same moment.
If I change routing back to default gateway, after hitting apply and save, traffic keeps being routed over the wanadoo OPT1 interface.
Finding:
- After reboot policy based routing of LAN to OPT1 works. DMZ routed over WAN works. -> conclusion my rules and NAT entries are correct.
Reproduction:
1) Firewall -> Rules -> LAN -> edit -> change gateway to default ( from OPT1 to WAN in this case).
2) Hit SAVE
3) Apply changes
4) click Monitor -> Done. The filter rules have been reloaded.
5) open dosbox on LAN connected machine and do tracert www.nu.nl
6) result: hop goes over OPT1 and NOT over WAN.
Note: I can not reboot at this moment since remote clients are connected. Can only reboot over night.
Just in case: this is the current version I am running:
Version 1.0-RC3
built on Mon Oct 2 01:11:38 UTC 2006
So it seems that if you want to change policy based routing, changes only get active after a reboot. So there might be a bug in this area..
Kind regards,
rowdy
-
No bug, connections are stateful. Reset states at diagnostics>states, reset states. Already open states will remain on the wan where the connection was initiated.
-
Hi Hoba,
I was not yet aware of this handle.
However I just did:
1) Firewall -> Rules -> LAN -> edit -> change gateway to default ( from OPT1 to WAN in this case).
2) Hit SAVE
3) Apply changes
4) click Monitor -> Done. The filter rules have been reloaded.
5) Diagnostics -> Reset States -> checkbox marked -> reset.
6) open dosbox on LAN connected machine and do tracert www.nu.nl
7) result: hop goes over OPT1 and NOT over WAN.
Anyway I know I can solve the issue by means of a firewall reboot. But if you want me to test some steps or do some reporting on this just ask me..
-
I ran into the same problem running RC3
Played around with it for hours but was not able to get the firewall rules to work until after a system reboot. I did the reset states thing too.
Zack
-
Reinstall.