Question about why both WANS stop working when only 1 is unplugged

sullrich

@sai:

Maybe DNS is misconfigured. If I remember correctly you need to have static routes to make sure that requests to your ISPs DNS server goes out correctly - policy based routing does NOT work for requests from the firewall itself.

That is correct.

hoba

Quickguide:
At system>general, use one DNS from WAN, one from WAN2. Then add a static route at system>static routes to <dns of="" wan2="">/32 to your wan2 interface with gateway <wan2 gateway="">. That should fix it.</wan2></dns>

zboll

what should I put as WAN2 gateway?  the IP address of WAN2?

hoba

the gateway of WAN2. You can see it at status>interfaces.

zboll

Thanks, I got it working now.

I dont have 3 WANS at the moment, but would it be possible to do policy based with 3 WANS using pfsense.  I ask because in system->general, there is only spots for two dns servers.

thanks,
Zack

hoba

In general yes. Unless the 2 lines with the dns server fail simultaneously you would be ok. I think you can add a 3rd, 4th, … DNS through hidden config.xml settings too (download your config.xml and duplicate a dns setting and add another dns server there).

guigux

Hi
i ve the same problem than described above .
:P

I ve made a load balencer pool based on 2 wan (static IP )
Load balencer work very well , (i ve putted rules in wan and wan2 for emule , then high id )

I m using opendns (that give me 2 dns adress , opendns work very well , better than mines isp ones  ::) )
then i ve filled first DNS field in :

System > general >  two dns server's field  and unchecked the "Allow DNS server list to be overridden by DHCP/PPP on WAN
"

and not in the dns forwarder , …..

Then , when 1 wan is unplunged , the total group is down ?!  ???

an idea ?

sai

Gulgux,

What do you mean by " the total group is down" ? Do you mean that you cannot browse or that the link is down (and you cannot ping the gateway of the second link that is up?

If you cannot  browse then may be it is due to DNS server not being accessible. You need to make a static route so that the second DNS server is connected to via the second Link.

guigux

exactly , can't have a dns resolve in fact .
the second member in the group seem to be still working (emule traffic is okay )

then , yes,  dns problem …
i will try to put a static route , then i must put a static route on wan2 ?

regards

hoba

system>static routes:
add a route like "Interface OPT-WAN, subnet <dns-server at="" opt-wan="">/32, gateway <opt-wan-gateway>Then male sure you use this DNS at system>general as one of your dns servers (one from WAN and one from OPT-WAN).</opt-wan-gateway></dns-server>

guigux

thanks ! ;)