• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Default Gateway can't be deactivated

2.1 Snapshot Feedback and Problems - RETIRED
3
8
2.1k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    Reiner030
    last edited by Feb 7, 2013, 9:16 PM

    Hi

    I try to setup BGP/OSPF routing and think that it's better to have no default route because I got into trouble when the default route goes down.

    From my sight it does not make sense to create a gateway group in parallel to BGP/OSPF routing so that it works correct.
    But it would also be nice to have the gateways defined for monitoring reasons in Dashboard.

    What do you think about it / is this mechanism clearly defined what has to be?

    The behavior is also not consistent… is it allowed to have multiple default gateways or not?
    Several times I got them (IPv4 / IPv6), other times not... and I also got sometimes an IPv6 default gw deleted when I created an parallel one on same interface but with different IP address.

    Also when I deleted them completely on main firewall the slave firewall got them not deleted (all/not all of them).

    Bests

    Reiner

    1 Reply Last reply Reply Quote 0
    • R
      Reiner030
      last edited by Feb 8, 2013, 8:49 PM

      Im not clear if this is an direct interface or a gateway problem so I wrote it in this thread…

      So I running now snapshot 7th Feb. 18:03 and the interface problems itself seems now solved. thx.

      This one can't be fixed completely right:
      https://github.com/bsdperimeter/pfsense/commit/9c115b409d0b21132dae9ad2c62f842a7e438f8f

      or something equal made a wrong behavior on my servers:

      Now the interface itself is clean after deactivating the interface:
      [2.1-BETA1][root@gw2.zws8.local]/root(7): ifconfig em2
      em2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
      options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:34:d2:53
      media: Ethernet autoselect (1000baseT <full-duplex>)
      status: active

      I still got a default route on the deactivated interface em2 after removing GW in interface /applying it and removing it from Routes => Gateways with apply:
      gw2.zws8.local# show ipv6 route 2a02:xxx::xxx:c:1
      Routing entry for ::/0
        Known via "kernel", distance 0, metric 0
        * 2a02:xxx::xxx:c:1 inactive

      gw2.zws8.local# show ipv6 route 2a02:xxx::xxx:e:1
      Routing entry for 2a02:xxx::xxx:e:0/112
        Known via "connected", distance 0, metric 1
        * directly connected, wan_vip212

      Routing entry for 2a02:xxx::xxx:e:0/112
        Known via "connected", distance 0, metric 1, best
        * directly connected, em0

      And I see it here, too:
      [2.1-BETA1][root@gw2.zws8.local]/root(8): netstat -rn | grep default
      default            xx.xx.9.129      UGS        0    3752    em0
      default                          2a02:xxx::xxx:c:1              UGS        em0

      After a reload
      [2.1-BETA1][root@gw2.zws8.local]/root(9): /etc/rc.reload_interfaces

      it seems flushed when looking into OSPF:
      gw2.zws8.local# show ip route xx.xx.9.129
      Routing entry for xx.xx.9.128/29
        Known via "ospf", distance 110, metric 20, best
        Last update 00:01:47 ago
        * xx.xx.176.253, via em1

      gw2.zws8.local# show ip route 2a02:xxx::xxx:e:1
      % Unknown command.
      gw2.zws8.local# show ipv6 route 2a02:xxx::xxx:e:1
      Routing entry for 2a02:xxx::xxx:e:0/112
        Known via "connected", distance 0, metric 1
        * directly connected, wan_vip212

      Routing entry for 2a02:f28::2:e:0/112
        Known via "connected", distance 0, metric 1, best
        * directly connected, em0

      But:

      • my IPv4 direct network route on em0 is flushed, too … and
      • I still can see the wrong IPv6 route in routing table (additional on wrong interface):
        [2.1-BETA1][root@gw2.zws8.local]/root(11): netstat -rn | grep default
        default            xx.xxx.176.2        UG1        0      15    em1
        default                          2a02:xxx::xxx:c:1              UGS        em0

      [2.1-BETA1][root@gw2.zws8.local]/root(12): ifconfig em0
      em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:34:d2:3f
      inet6 fe80::20c:29ff:fe34:d23f%em0 prefixlen 64 scopeid 0x1
      inet xx.xx.9.134 netmask 0xfffffff8 broadcast xx.xx.9.135
      inet6 2a02:xxx::xxx:e:4 prefixlen 112
      nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
      status: active

      ====================
      We have 2 buildings with each a master/slave setup, connected via public BGP / internal OSPF I try to setup.
      transfernet building 1/jws1:  xx.xx.9.120/29  ||  2a02:xxx::xxx:c:0/112  => em0 for jws1, tested for zws8 on em2
      transfernet building 1/zws8:  xx.xx.9.128/29  ||  2a02:xxx::xxx:e:0/112 => em0 for zws8, tested for jws1 on em2
      ASN - shared on both sides:  xx.xx.176.0/24  || 2a01:xxx::xxx:0/48 => em1</full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></broadcast,simplex,multicast>

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by Feb 9, 2013, 9:32 AM

        Well it is assumed that if no default gateway configured WAN will be the winner.
        In case of bgpd running on pfSense you can set the default gateway to the interface bgpd and it will do the right thing.

        For ospf case there is no consideration because its not considered as a protocol to run on the wan side of things, as of now.

        1 Reply Last reply Reply Quote 0
        • R
          Reiner030
          last edited by Feb 9, 2013, 5:35 PM

          @ermal:

          Well it is assumed that if no default gateway configured WAN will be the winner.
          In case of bgpd running on pfSense you can set the default gateway to the interface bgpd and it will do the right thing.

          For ospf case there is no consideration because its not considered as a protocol to run on the wan side of things, as of now.

          ok, but this can't explain my problems  on my external firewalls / you got something wrong (or I explained it not right).

          em2 was the 2nd WAN interface but I deactivated it and deleted additionally the default gw for this interface em2.
          Interface is now down but I still hold a route of the old network on it ?

          My routing should go out over em0 and it's gw and not over the (normally not anymore configured) gw on em2.

          Additional Problem with Routes =>GWs:
          2) a can' deactivate "default" GW on last IPv4 GW… but on last IPv6 GW

          On my external and internal firewalls I deactivated OSPF for public routing because the pfsense GUI based configuration can't help here select the site-preferred gateway .1 or .254 as you also wrote; OSPF routes always to the lowest router .2.

          1. So I run into a new problem ^^

          The default gateway is set for em0 on WAN web interface an each side...

          em0 Web side 1 => .1/:1
          em0 Web side 2 => .254 /:fe

          => But when applied the gateways are set opposite way... I got configured
          em0 on side 1 => .254/:fe
          em0 on side 2 => .1 /:1

          which is verfy confusing.

          BTW: Is there a time frame for the planned possibility to make gateway groups available on interface gateway selection ?

          1 Reply Last reply Reply Quote 0
          • E
            eri--
            last edited by Feb 11, 2013, 9:51 AM

            For the first it might be an issue but i have to think the best way to fix it.
            Can you report this on redmine.pfsense.org?

            The order on which you see the gateways is not important since those are completely separate routing tables its just a display ordering.

            BTW: Is there a time frame for the planned possibility to make gateway groups available on interface gateway selection ?

            Open a feature request on redmine.pfsense.org but it will not make 2.1 for sure.

            1 Reply Last reply Reply Quote 0
            • R
              Reiner030
              last edited by Feb 14, 2013, 7:58 PM

              @ermal:

              For the first it might be an issue but i have to think the best way to fix it.
              Can you report this on redmine.pfsense.org?

              The order on which you see the gateways is not important since those are completely separate routing tables its just a display ordering.

              Ok I try to write it with a testenvironment setup after setting up real gw/fws. Or is my explanation above enough for it?

              BTW: Is there a time frame for the planned possibility to make gateway groups available on interface gateway selection ?

              Open a feature request on redmine.pfsense.org but it will not make 2.1 for sure.

              Mmh I read that it is a planned feature for 2.1 somewhere were was written about multi WAN setups …
              So I thought that it would be implented in next weeks ;)
              OpenVPN can already handle the gateway group as I just researched:
              https://redmine.pfsense.org/projects/pfsense/repository/revisions/ea68f6cc92fb6167c084d6786984bdf35caef132

              1 Reply Last reply Reply Quote 0
              • D
                drzoidberg33
                last edited by May 25, 2013, 4:28 PM

                I am having a similar issue with todays snapshot. I have a multiwan setup, with 2.0.3 I can just deselect the "Default gateway" option on both interfaces but I cannot do this on 2.1. This results in my failover rules to fail as it always defaults to one of the gateways.

                Is there a new way of doing WAN failover or is this a bug? To reproduce you just need to have two gateways and then try to untick "Default gateway" on both of them.

                1 Reply Last reply Reply Quote 0
                • D
                  drzoidberg33
                  last edited by May 25, 2013, 6:18 PM

                  @drzoidberg33:

                  I am having a similar issue with todays snapshot. I have a multiwan setup, with 2.0.3 I can just deselect the "Default gateway" option on both interfaces but I cannot do this on 2.1. This results in my failover rules to fail as it always defaults to one of the gateways.

                  Is there a new way of doing WAN failover or is this a bug? To reproduce you just need to have two gateways and then try to untick "Default gateway" on both of them.

                  I found the "Allow default gateway switching" in Advance Setup -> Misc. This seems to have fixed the problem with the failover rules.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.