Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IRC via multiple WAN

    Scheduled Pinned Locked Moved Routing and Multi WAN
    8 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      deepdish
      last edited by

      I am having issues when I'm connecting to a IRC server and wanting to use the OPT1 (secondary WAN) interface rather then my WAN interface.

      Every time I connect to an IRC server, it chooses the WAN interface. However, I am confused as to why it does this since on my firewall/policy route rules state that anything coming from the LAN subnet (which is the PC connecting to the IRC server) has a default gateway set to the OPT1 interface, not the WAN interface (this is the only rule that exists for the LAN subnet).

      Is there a reason as to why this is happening?

      1 Reply Last reply Reply Quote 0
      • M
        manjula
        last edited by

        Hi

        Even I had a similar problem but not with IRC. you could try out sticky connections enable (in Advance Menu). please refer to the Multi WAN page of the tutorial (Load balancing)

        Cheers
        Manjula

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by

          Did you try resetting states after you made that change? Also are you running any packages on your pfSense that might interfere with that traffic?

          1 Reply Last reply Reply Quote 0
          • D
            deepdish
            last edited by

            @hoba:

            Did you try resetting states after you made that change? Also are you running any packages on your pfSense that might interfere with that traffic?

            I have, and I also rebooted just to be sure, however there is no difference. Also, I don't have packages that would seem to interfere with IRC in anyway. The packages that I have installed are arping, imspector, nut, and phpSysinfo.

            I'll provide you with something to work with:

            Here is a traceroute capture from the machine that is connecting to IRC. I have done a traceroute to ' efnet.teleglobe.net ':
            traceroute to efnet.teleglobe.net (66.198.80.67), 30 hops max, 40 byte packets
            1  74.X.X.X (74.X.X.X) 37.932 ms  38.140 ms  38.131 ms
            2  gi-15-0-4.gw01.wlfdle.phub.net.cable.rogers.com (66.185.93.85)  38.098 ms  38.087 ms  59.527 ms
            3  so-3-0-0.gw02.wlfdle.phub.net.cable.rogers.com (66.185.80.130)  59.518 ms  59.455 ms  59.432 ms
            4  24.153.5.234 (24.153.5.234)  81.119 ms  81.110 ms  81.093 ms
            5  if-15-0.core4.AEQ-Ashburn.teleglobe.net (209.58.27.33)  95.288 ms  95.274 ms  95.485 ms
            6  if-4-1-0-723.mcore3.NYY-NewYork.teleglobe.net (216.6.42.62)  109.920 ms  77.830 ms  77.817 ms
            7  Pos-channel1.mcore4.MTT-Montreal.teleglobe.net (216.6.81.18)  78.020 ms  78.244 ms  78.195 ms
            8  * * *
            9  * * *
            ..etc…

            Now, on the same machine .. I will connect to efnet.teleglobe.net, but get a different IP other then my 74.X.X.X IP:

            • [testing12] (~testing12@209.X.X.X): 1234
            • [testing12] efnet.teleglobe.net :O'er the land of the free & the home of the brave
            • [testing12] 209.X.X.X :actually using host
            • [testing12] idle 00:00:07, signon: Thu Mar 20 21:04:41
            • [testing12] End of WHOIS list.

            =============================

            Same situation with another IRC server, irc.tomsk.net from Russia:

            traceroute to irc.tomsk.net (217.29.87.254), 30 hops max, 40 byte packets
            1  74.X.X.X (74.X.X.X)  45.451 ms  45.421 ms  45.400 ms
            2  gi-15-0-4.gw01.wlfdle.phub.net.cable.rogers.com (66.185.93.85)  45.335 ms  45.357 ms  45.522 ms
            3  so-2-3-0.gw02.bloor.phub.net.cable.rogers.com (64.71.240.106)  45.490 ms  45.683 ms  45.671 ms
            4  gw02.bloor.phub.net.cable.rogers.com (66.185.80.5)  45.415 ms  45.613 ms  45.829 ms
            5  pos-1-0-0.igw01.vaash.phub.net.cable.rogers.com (66.185.80.190)  95.148 ms  95.132 ms  95.184 ms
            6  equinix.ash.cw.net (206.223.115.73)  109.649 ms  105.347 ms  105.337 ms
            7  so-4-0-0-dcr2.nyk.cw.net (195.2.10.234)  105.321 ms  105.507 ms  148.710 ms
            8  so-5-0-0-dcr1.nyk.cw.net (195.2.10.241)  148.676 ms  148.656 ms  148.848 ms
            9  so-2-0-0-dcr2.tsd.cw.net (195.2.10.110)  206.819 ms  207.027 ms  206.991 ms
            10  transtele-gw.lnt.cw.net (166.63.222.66)  206.716 ms  226.485 ms  226.467 ms
            11  ZSTTK-tmk.transtelecom.net (217.150.52.145)  320.631 ms  320.628 ms  295.747 ms
            12  ge0-1-23.ll-tmk.zsttk.ru (82.200.1.85)  295.960 ms  295.945 ms  296.117 ms
            13  gw-stack.ll-tmk.zsttk.ru (82.200.1.86)  273.622 ms  273.604 ms  273.584 ms
            14  c3750-v11.tomsk.net (217.29.87.174)  266.296 ms  266.273 ms  266.224 ms
            15  irc.tomsk.net (217.29.87.254)  273.275 ms  273.259 ms  253.781 ms

            • [testing1234] (~testing12@209.X.X.X): 1234
            • [testing1234] irc.tomsk.net :Tomsk IRC Server, RusNet IRC network
            • [testing1234] Charset translation is NONE
            • [testing1234] idle 00:00:27, signon: Thu Mar 20 21:07:28
            • [testing1234] End of WHOIS list.

            I'll post the LAN rules and the routing table of the pfsense box shortly…

            1 Reply Last reply Reply Quote 0
            • D
              deepdish
              last edited by

              LAN Rules:

              Proto | SRC | SRC Port | DST | DST Port | GW | Description

              • | LAN net | * | DMZ net | * | * | LAN <-> DMZ (10.54.1/26)
              • | LAN net | * | WIFI net | * | * | LAN <-> WIFI (192.168.54/24)
              • | LAN net | * | * | * | OPT | Default GW -> OPT (74.X.X.X)

              Route Table:

              Destination Gateway Flags Netif
              default   216.X.X.X   UGS ng0   <– WAN (209.X.X.X)
              10.54.1/26 link#1   UC   em0   <-- LAN
              10.54.1.64/26  link#5 UC rl0
              74.X.X/25 link#2   UC   xl0     <-- OPT Interface (74.X.X.X)
              74.X.X.X <mac>    UHLW  xl0      <-- OPT Interface (74.X.X.X)
              74.X.X.X 127.0.0.1 UGHS lo0
              127.0.0.1 127.0.0.1 UH   lo0
              209.X.X.X lo0         UHS   lo0
              216.X.X.X 209.X.X.X UH ng0 <-- WAN (209.X.X.X)

              209.X.X.X = WAN (Static)
              74.X.X.X = OPT Interface (DHCP)

              I am under the assumption that IRC simply looked at the default GW of the routing table and went with that instead??</mac>

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                Does imspector listen for irc too? If yes this is the reason it goes out through WAN.

                1 Reply Last reply Reply Quote 0
                • D
                  deepdish
                  last edited by

                  @hoba:

                  Does imspector listen for irc too? If yes this is the reason it goes out through WAN.

                  • [testing1234] (~testing12@etc-etc-etc.cable.rogers.com): 1234
                  • [testing1234] irc.tomsk.net :Tomsk IRC Server, RusNet IRC network
                  • [testing1234] Charset translation is NONE
                  • [testing1234] idle 00:00:13, signon: Thu Mar 20 22:04:53
                  • [testing1234] End of WHOIS list

                  That fixed it!

                  I appreciate the help!
                  Thank you…

                  1 Reply Last reply Reply Quote 0
                  • H
                    hoba
                    last edited by

                    All services running at the pfSense itself (like imspector) will always use the main wan only. They are not (yet) multiwan capable. Something to keep in mind when using packages that interfere with traffic  ;)

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.