Gateway Groups for directing traffic does not work
-
I have WAN1 for general lan, and WAN2 for 2 static IPs. Here's my config:
Both gateways are UP
but all my LAN is only using WAN2, why?
-
Try changing "GW_OPT1" to Tier2 and "WAN1" to Tier1. BTW, what is your trigger option set at?
One more thing: even if you do make these changes, I don't see how this is gonna solve your prob.
FYI, follow these steps for using load balancing between the two gateway groups:
-
Create a group named bothgateway, set Tier1 for both gateways and set Trigger Level to packet loss or high latency.
-
Create a second group, description "Wan1 Fail Wan2 Use", with priority WAN1 = Tier1 and WAN2 = Tier2, and set "Trigger level" to member down.
-
Create a third group, description "Wan2 Fail Wan1 Use", with priority WAN1 = Tier2 and WAN2 = Tier1, and set "Trigger level" to member down.
Now coming to Firewall Rules -> LAN: you need to create two new rules, considering you've already created a rule for balancing, like this:
1) BALANCE RULE (uses both gateways)
Interface: LAN
Protocol: ANY
Source: LAN SUBNET
Destination ports: ANY
Gateway: BALANCE
2) FAILOVER RULE 1
Interface: LAN
Protocol: ANY
Source Address: ANY
Destination ports: ANY
Gateway: Wan1 Fail Wan2 Use
3) FAILOVER RULE 2
Interface: LAN
Protocol: ANY
Source Address: ANY
Destination ports: ANY
Gateway: Wan2 Fail Wan1 Use
Make sure to place them on top of the LAN rules.
-
-
Thanks, but as you said I don't see how this will fix my problem.
I don't need load balancing, btw.
-
Then don't add the first rule under lan!
And one more thing: have you enabled sticky connections under System -> Advanced -> Miscellaneous? If yes, disable that and restart your pfSense for it to take effect.
It may also be the cause for using a particular gateway.
-
Hi Fernando36,
Have you solved this issue? I am in the same situation. I have 2 WAN connections on WAN and OPT1 (with interfaces called WAN_CABLE and OPT2_VLAN) and I want to route all traffic via the WAN interface, with some exceptions:
- port 25 (mail) always goes via OPT2_VLAN, as well as port 1194 (OpenVPN);
- I want all traffic from one of the clients (192.168.1.231) via OPT2_VLAN instead of WAN_CABLE.
For this I have created rules in the firewall, LAN tab (see attachment).
The port-based rules work fine. However, the IP based rules do not work at all: all traffic for the *.231 always goes via the WAN_CABLE interface. My gateways, WAN and GW_OPT2, are connected to separate ISPs. I have a gateway group "Wan1BalanceWan2" with gateway WAN in Tier 1 and gateway GW_OPT2 in Tier 2. There is no default gateway.
I have also tried a setup with both Gateways in Tier 1 in the gateway group and gateway WAN as default, but the result is the same: IP based routing does not seem to work in the way I understand. I also tried to route another IP address, but that also did not work.
Does anybody know what I am doing wrong?
Thanks,
Edwin.
[attachment: Screen Shot 2013-06-22 at 11.37.39.png]
-
Try this:
- Make sure you have at least 1 DNS for each WAN, e.g. 8.8.8.8 for WAN1 and 8.8.4.4 for WAN2.
- Add an external IP to monitor each LAN, e.g. 8.8.8.8 for WAN1, 8.8.4.4 for WAN2.
- Check that sticky connections is unchecked.
- Temporarily disable any other rule and use the gateway group for all LAN connections. Make one simple gateway group first. Use the default NAT outgoing rule (Automatic outbound NAT rule generation).
- If your WAN is in a private network, uncheck the interface option "Block private networks".
Check if your WANs are working: open a torrent file with your favorite torrent program and check whether the torrent is connected to multiple peers. Open the dashboard and add the traffic graph; expand all interfaces and see if both WANs have traffic. Also add gateways to the dashboard to see their status. Try changing tiers to observe how traffic changes, too.
-
Hi Kababayan,
Thanks for your reply. However, I tried your suggestions but all traffic still follows the default gateway, ignoring my firewall rules.
I kept on searching and stumbled upon the posting http://forum.pfsense.org/index.php?topic=40588.0;prev_next=prev. And, lo and behold, I too had installed squid a long time ago and completely forgot about it. So, as a test, I uninstalled squid -> problem solved!!! Now outbound traffic does follow the rules in the LAN firewall section. So if there is somebody out there who tries to route traffic from specific IP addresses through a specific WAN connection and setting firewall rules does not seem to help, check whether you have squid installed…
Next challenge is to have IP based routing WITH squid, but I will look into that another time. I am happy to have it working as it is now.
Again thanks for your reply!
Edwin.
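The GUI steps given earlier in the thread (gateway groups plus LAN rules placed above the default rule) and Edwin's squid finding both come down to how pfSense compiles policy routing into pf rules. The following pf.conf fragment is an added illustration, not generated by pfSense or posted by anyone in the thread, and assumes hypothetical interface names (em0 = WAN, em1 = OPT, em2 = LAN), documentation-range gateway addresses and the 192.168.1.0/24 LAN from Edwin's post. It shows why rule order decides which gateway a client uses and why a transparent proxy can make those rules appear to be ignored.

```pf
# Assumed names and addresses (constructed for this example, not from the thread)
ext_wan = "em0"            # "WAN_CABLE"
ext_opt = "em1"            # "OPT2_VLAN"
lan_if  = "em2"
lan_net = "192.168.1.0/24"
gw_wan  = "192.0.2.1"      # gateway "WAN"
gw_opt  = "203.0.113.1"    # gateway "GW_OPT2"

# Outbound NAT, roughly what "Automatic outbound NAT rule generation" produces:
# whichever WAN a state is routed out of, the source is rewritten to that WAN's address.
nat on $ext_wan from $lan_net to any -> ($ext_wan)
nat on $ext_opt from $lan_net to any -> ($ext_opt)

# What a transparent squid adds (kept commented here). rdr runs before the
# pass rules below, so LAN port-80 connections are handed to the local proxy
# and never receive a route-to. The proxy's own outbound connections are then
# locally originated and follow the system default route, which is the
# symptom described above: per-IP policy rules "ignored" for web traffic.
# rdr on $lan_if proto tcp from $lan_net to any port 80 -> 127.0.0.1 port 3128

# Policy routing. pfSense LAN rules are "quick": the first matching rule wins,
# which is why the specific rules must sit above the catch-all.
# Port-based exceptions (25 and 1194 per the post) always leave via OPT2.
pass in quick on $lan_if route-to ($ext_opt $gw_opt) \
    proto { tcp, udp } from $lan_net to any port { 25, 1194 } keep state

# Source-IP exception: everything from one client leaves via OPT2.
pass in quick on $lan_if route-to ($ext_opt $gw_opt) \
    from 192.168.1.231 to any keep state

# Catch-all for the rest of the LAN, gateway group "Wan1 Fail Wan2 Use" in its
# both-members-up state (Tier 1 only). pfSense regenerates this line to point
# at $gw_opt when its gateway monitor marks WAN down, which is what the
# "member down" trigger configures.
pass in quick on $lan_if route-to ($ext_wan $gw_wan) \
    from $lan_net to any keep state

# Variant for a Tier1/Tier1 "balance" group: pf alternates gateways per state.
# Adding "sticky-address" is what the GUI's "sticky connections" option does,
# and it pins a client to one gateway, the behaviour questioned earlier in
# the thread.
# pass in quick on $lan_if route-to { ($ext_wan $gw_wan), ($ext_opt $gw_opt) } round-robin \
#     from $lan_net to any keep state
```

Two things to verify on a live box follow directly from the fragment: `pfctl -sr` should show the route-to rules above the catch-all in this order, and `pfctl -sn` should show no rdr to a local proxy port if you expect per-IP policy routing to apply to HTTP as well.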
-
> So, as a test, I uninstalled squid -> problem solved!!!
Yup, that happened to me also before, so I just installed Proxy Plus on the client to use both WANs with the proxy. Yet after upgrading to pf 2.0.3 with squid, both WANs are working fine.
Glad you fixed the problem.