OPT1 (second WAN) won't work
-
I have setup pfsense with one WAN and it works. When I add a second WAN interface (static IP address with proper subnet and gateway), and pull the plug on the first WAN, there is no internet connectivity. I can ping all the way to the second WAN's gateway without issue, but past that it returns "Destination host unreachable."
I am new to *nix and BSD variants so I probably need baby steps when it comes to related topics.
-
You need to set up a load balanced or failover gateway specifically. Just configuring the OPT1 interface isn't enough.
See the MultiWAN HOWTO: http://doc.pfsense.org/index.php/MultiWanVersion1.2
-
Yep, that's correct. You need to goto Load Balancer and setup WAN1 and OPT1 for failover or Load balancing as per above guide. Then as important you'll need to setup firewall rule to pass data on LAN. Else nothing will be pass to your WAN2.
-
Thanks for the quick responses. I have attempted to follow the setup for multiple WANs with loadbalancing/failover, but they do not seem to work. If I understand the Diagnostics>Ping screen of the pfsense web interface, I should be able to specify a NIC and ping a host directly from that interface to test connectivity. I assume that this should work independently of loadbalancing/failover setup. When I do attempt to ping a host anywhere past the second WANs gateway, it does not get to the destination. I have setup other routers with the same settings to test that the ISP has their routing set correctly and everything works fine (pinging internet hosts via IP and hostnames).
-
Did you read the note at the bottom of the page saying that the ping utility doesnt work with multiWAN?
Your assumption that you can specify an interface and a ping will go down the road regardless of the loadbalancer is wrong.
The loadbalancer can only be applied to traffic comming in on an interface.
NOT to traffic originating on the pfSense itself.
The pfSense can only route according to it's routing table.
Since a ping originates on the pfSense you can only ping stuff directly reachable (like the gateway of your WAN2), or via its primary WAN (default gateway).If you want to change this behaviour you have to create a static route for a specific IP pointing to the WAN2 gateway.
-
OK. So now my question still stands from before. I have 2 WANs set per the instructions in the aforementioned tutorial. Albeit with different settings since my WAN IPs are all external IPs and directly connected to the internet unlike the private subnets the tutorial calls for. I have configured a Hotbrick router that supposedly loadbalances with the same WAN IPs I am configuring the pfsense router with and they work fine (at least the internet connectivity part, the Hotbrick loadbalancing doesn't seem to work well for any length of time without locking the router up). I configure the pfsense to loadbalance according to the tutorial, but still no loadbalancing when WAN1 is disconnected.
-
Well, how would you get load balancing when you've got one of the WANs disconnected? I don't understand what you mean…
Can you please post screenshots of your load balancer configuration, LAN firewall rules and outgoing NAT rules along with a description of exactly what isn't working?