Load Balancing faulty for second LAN

tacfit

@techatdd:

What snapshot do you use?

1.2 Beta 1 (no snapshots)

@sai:

So its a DNS issue not connectivity from Public? What DNS server do your Public clients use? If the DNS server for Public clients is the firewall then  you have to have static routes setup for the DNS servers from the 2 ISPs.

Well… I don't think it is a DNS issue. On the rule allowing DNS traffic out from Public, if I set the gateway to either WAN or WAN2, it works fine. It's only when I set the rule to Load Balance that DNS becomes spotty. As I said, when using Load Balance EVERYTHING becomes spotty, http requests, dns etc.

But... my public clients ARE using the firewall for DNS, and I've not created any static routes as per the note on the static route page:

Note: Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.

sai

its a DNS issue if
#ping 66.94.143.13
works but
#ping yahoo.com
does not work.

Probably the note about static routes does not apply to your DNS case. I would add static routes for the 2 DNS servers and see if that helps

tacfit

I understand that. :)

When I set DNS traffic to WAN, and ping yahoo.com, everything is fine.
When I set DNS traffic to WAN2, and ping yahoo.com, everything is fine.

When I set DNS traffic to Load Balance, and ping yahoo.com, sometimes it resolves to an IP, and sometimes it doesn't.

sai

do the static route thing, matey.

tedced

it sounds like the router is using the dns for 1 isp over the other isp's link

the query to dns1.isp1.com goes from WAN1 it works
but when…
the query to dns1.isp1.com goes to WAN2 and ISP2 it does not work.

ISP's frequently block dns query's from other providers networks.

I'd try the stadic route as sai suggested.

tacfit

Been working on some other stuff.
OK, so static routes. Check my logic.

Interface: (the interface I want this static route to apply to, in this case, Public)
Destination network: (IP address of dns server on WAN x) / 32
Gateway: IP of WAN x

Is that right?

jeroen234

interface

Interface: wan
Destination network: ipadress of dns server isp1 ) / 32
Gateway: IP of WAN

Interface: wan2
Destination network: (IP address of dns server isp2) / 32
Gateway: IP of WAN2

dns1.isp1.com

sai

@tacfit:

Been working on some other stuff.
OK, so static routes. Check my logic.

Interface: (the interface I want this static route to apply to, in this case, Public)
Destination network: (IP address of dns server on WAN x) / 32
Gateway: IP of WAN x

Is that right?

yes, that looks good. you will want to make similar routes for all your LAN (ie non-ISP) interfaces and all your DNS servers.

tacfit

Could someone confirm what the interface should be? I don't know if I should set the interface to Public, because I want the static route to apply to the Public interface… or should I set it to WAN (or WAN2) to match the gateway that I'm setting on each rule.

tacfit

I think I answered this myself, it only made a difference when I set the interface to Public, which is what I figured. And then, I had to set the rule allowing DNS traffic to use "default" rather than anything else.

Thanks, this helped out loads!