WAN1 working WAN2 not

dogbait

My pfsense box is setup with WAN1:
IP address 94.194.206.45 
Subnet mask 255.255.248.0
Gateway GW_WAN 94.194.200.1

WAN2:
IP address 81.151.142.96 
Subnet mask 255.0.0.0
Gateway 217.32.145.227

LAN:
IP address 10.0.0.1 
Subnet mask 255.255.255.0

I can ping out and reach the net fine via WAN1. Via WAN2 however I can get an IP from my ISP but can't ping the outside world.

I tested the link from WAN2 using a laptop which gets the same IP and works perfectly fine.

In my logs I've noticed the following error over and over again:
May 17 01:28:56 kernel: arpresolve: can't allocate llinfo for 217.32.145.227
May 17 01:28:55 kernel: arpresolve: can't allocate llinfo for 217.32.145.227

Been banging my head at this issue for hours now, any help appreciated.

wallabybob

Based on the data you have provided, the WAN2 gateway is not on the WAN2 subnet. How is your system supposed to get to the WAN2 gateway?

dogbait

@wallabybob:

Based on the data you have provided, the WAN2 gateway is not on the WAN2 subnet. How is your system supposed to get to the WAN2 gateway?

Good question…I don't know to be honest.

I'm using a Router in a Half Bridge mode. It the above IP and GW addresses to a computer I tested with as well which routes to the internet without problem. Incidentally pfsense 1.2.3 worked fine with this configuration.

stephenw10

@wallabybob:

Based on the data you have provided, the WAN2 gateway is not on the WAN2 subnet. How is your system supposed to get to the WAN2 gateway?

That's not necessarily a problem. Those are the gateway addresses provided by your ISPs ppp. My own setup is similar, neither gateway is in the same subnet as the WAN. I'm using pppoe.

How are you testing WAN2? What are you using for DNS servers? What type of connection are your two WANs?

Steve

wallabybob

@stephenw10:

@wallabybob:

Based on the data you have provided, the WAN2 gateway is not on the WAN2 subnet. How is your system supposed to get to the WAN2 gateway?

That's not necessarily a problem. Those are the gateway addresses provided by your ISPs ppp. My own setup is similar, neither gateway is in the same subnet as the WAN. I'm using pppoe.

In that case shouldn't the network mask be 255.255.255.255? For example the 3G ppp interface on my netbook:

$ ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol 
          inet addr:114.73.81.5  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:17176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18324 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:15159340 (15.1 MB)  TX bytes:3736517 (3.7 MB)

$

WAN2 supposedly has a network mask of 255.0.0.0

dogbait

@stephenw10:

How are you testing WAN2? What are you using for DNS servers? What type of connection are your two WANs?

I'm using the Ping option in pfsense under Diagnostics.

WAN1 is using a static IP config and connected directly to a Speedtouch ADSL router in bridge mode. WAN2 is using DHCP and also connected to a Speedtouch ADSL router in bridge mode.

Would the issue be at all related to this?
http://redmine.pfsense.org/issues/1242

stephenw10

@Wallabybob
Yes, you're right, it should be 255.255.255.255.
Now we know it's not a ppp connection it does seem incorrect.

@Dogbait
What are you pinging? Why are you using static on one connection and dhcp on the other?
It does seem to be case of no route to the gateway.

Steve

dogbait

@stephenw10:

@Dogbait
What are you pinging? Why are you using static on one connection and dhcp on the other?
It does seem to be case of no route to the gateway.

I've tried pinging 194.168.4.100 and 217.32.145.227. Neither work.

I'm using static with one (business broadband) and dhcp with the other (home broadband). The static ADSL router is in pure bridge mode and pfsense goes directly to the provider and gets an IP (no PPPOE required).

The dynamic ADSL router handles the PPPOE authentication and pfsense then uses DHCP to obtain an IP address.

Any thoughts on what I can do to get WAN2 (dynamic) to reach the outside world?

I tried using a computer instead of pfsense to obtain an IP from the router on home broadband, it worked perfectly. Why would it work with a computer but not via pfsense? (does Mac OS create the necessary routes automatically?)

stephenw10

Hmm, OK.
When you connect with your laptop what gateway are you given?

The way forward is probably to add a route to the gateway manually as cmb suggested in that bug report you linked to.
The problem may be that you receive different gateways each time you connect.

Not a nice solution, but one that would work, is to set your speedtouch box back to routing and use a local address for WAN2.

Steve

dogbait

@stephenw10:

Hmm, OK.
When you connect with your laptop what gateway are you given?

Same as the pfsense box receives. I'll try adding the route tonight, see if that works out. Otherwise I suppose getting pfsense to connect directly using pppoe might be the best option here?

stephenw10

Yes that would be the best solution if your modem supports it.  :)