Load Balancing faulty for second LAN
-
What snapshot do you use?
-
So it's a DNS issue, not connectivity from Public? What DNS server do your Public clients use? If the DNS server for Public clients is the firewall then you have to have static routes set up for the DNS servers from the 2 ISPs.
-
What snapshot do you use?
1.2 Beta 1 (no snapshots)
@sai:
So it's a DNS issue, not connectivity from Public? What DNS server do your Public clients use? If the DNS server for Public clients is the firewall then you have to have static routes set up for the DNS servers from the 2 ISPs.
Well… I don't think it is a DNS issue. On the rule allowing DNS traffic out from Public, if I set the gateway to either WAN or WAN2, it works fine. It's only when I set the rule to Load Balance that DNS becomes spotty. As I said, when using Load Balance EVERYTHING becomes spotty, http requests, dns etc.
But... my public clients ARE using the firewall for DNS, and I've not created any static routes as per the note on the static route page:
Note: Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.
-
It's a DNS issue if
#ping 66.94.143.13
works but
#ping yahoo.com
does not work.
Probably the note about static routes does not apply to your DNS case. I would add static routes for the 2 DNS servers and see if that helps.
-
I understand that. :)
When I set DNS traffic to WAN, and ping yahoo.com, everything is fine.
When I set DNS traffic to WAN2, and ping yahoo.com, everything is fine.
When I set DNS traffic to Load Balance, and ping yahoo.com, sometimes it resolves to an IP, and sometimes it doesn't.
-
do the static route thing, matey.
-
it sounds like the router is using the dns for 1 isp over the other isp's link
the query to dns1.isp1.com goes from WAN1 it works
but when…
the query to dns1.isp1.com goes to WAN2 and ISP2 it does not work.
ISPs frequently block DNS queries from other providers' networks.
I'd try the static route as sai suggested.
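An added example, not part of the original posts: one way to test the suspicion above, that each ISP's resolver only answers queries that leave over its own link, by pairing DNS queries and replies seen per WAN interface. The capture format, interface names and addresses are constructed for illustration and are not real tool output.

```python
from collections import defaultdict

# Constructed sample: one line per DNS packet seen on a WAN interface,
# "<iface> <Q|R> <query-id> <dns-server>". The format and the addresses
# (RFC 5737 documentation ranges) are made up for this example.
SAMPLE = """\
wan  Q 1001 192.0.2.53
wan  R 1001 192.0.2.53
wan2 Q 1002 192.0.2.53
wan  Q 1003 198.51.100.53
wan2 Q 1004 198.51.100.53
wan2 R 1004 198.51.100.53
wan2 Q 1005 192.0.2.53
wan  Q 1006 192.0.2.53
wan  R 1006 192.0.2.53
"""

def answer_rates(capture):
    """Return {(server, iface): (answered, sent)} by pairing Q and R lines."""
    sent = defaultdict(set)
    answered = defaultdict(set)
    for line in capture.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("Q", "R"):
            continue  # skip blank or malformed lines
        iface, kind, qid, server = fields
        (sent if kind == "Q" else answered)[(server, iface)].add(qid)
    # A reply only counts if its query was seen on the same interface.
    return {k: (len(ids & answered[k]), len(ids)) for k, ids in sent.items()}

def pin_candidates(rates):
    """Servers that answer on exactly one interface and never on another."""
    by_server = defaultdict(dict)
    for (server, iface), (ok, _total) in rates.items():
        by_server[server][iface] = ok
    pins = {}
    for server, per_if in by_server.items():
        working = [i for i, ok in per_if.items() if ok > 0]
        dead = [i for i, ok in per_if.items() if ok == 0]
        if len(working) == 1 and dead:
            pins[server] = working[0]  # candidate for a /32 static route
    return pins

if __name__ == "__main__":
    rates = answer_rates(SAMPLE)
    for (server, iface), (ok, total) in sorted(rates.items()):
        print(f"{server:15} via {iface:4}: {ok}/{total} answered")
    for server, iface in sorted(pin_candidates(rates).items()):
        print(f"pin {server}/32 to the {iface} gateway")
```

A server that shows up in `pin_candidates` is one whose queries are being spread across both links by the load balancer while only one link gets replies, which matches the intermittent resolution described in the thread.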
-
Been working on some other stuff.
OK, so static routes. Check my logic.
Interface: (the interface I want this static route to apply to, in this case, Public)
Destination network: (IP address of dns server on WAN x) / 32
Gateway: IP of WAN x
Is that right?
-
interface
Interface: wan
Destination network: (IP address of dns server isp1) / 32
Gateway: IP of WAN
Interface: wan2
Destination network: (IP address of dns server isp2) / 32
Gateway: IP of WAN2
dns1.isp1.com
-
Been working on some other stuff.
OK, so static routes. Check my logic.
Interface: (the interface I want this static route to apply to, in this case, Public)
Destination network: (IP address of dns server on WAN x) / 32
Gateway: IP of WAN x
Is that right?
yes, that looks good. you will want to make similar routes for all your LAN (ie non-ISP) interfaces and all your DNS servers.
-
Could someone confirm what the interface should be? I don't know if I should set the interface to Public, because I want the static route to apply to the Public interface… or should I set it to WAN (or WAN2) to match the gateway that I'm setting on each rule.
-
I think I answered this myself, it only made a difference when I set the interface to Public, which is what I figured. And then, I had to set the rule allowing DNS traffic to use "default" rather than anything else.
Thanks, this helped out loads!