Every service in the gateway uses only the default gateway
-
I thought that the problem was only related to squid.
But I have noticed that any service installed on the router only uses the default gateway.
The router does not use the firewall rules for packets coming from itself.
-
I'm seeing the same thing. I have pfSense 2.1p1 running captive portal. It has 2 WANs with failover for redundancy. Today we had a primary WAN failure and it correctly failed over to WAN2. All connected captive portal clients worked without a hitch, however new portal customers could not log in because the portal was using WAN1 as its gateway to the portal auth server. I SSHed to the router during this period and from the shell I couldn't ping out to the internet; I could, however, from a connected LAN client.
Is there some rule I'm missing to get traffic originating on pfSense itself to use the failover gateway group?
-
Yeah, I can't get the stupid "default gateway" box to uncheck.
It only passes traffic through a default gateway regardless of how many gateways I have.
2.1 seems really broken.
-
Yeah, I can't get the stupid "default gateway" box to uncheck.
I've been exploring 2.1 on a spare machine (2.0.3 is what's on the live one) and I noticed this problem myself when I got into setting up my dual WANs. In my case I want certain kinds of traffic to go over specific WAN links and that not working would be a real headache. (e.g., cloud backup needs to go over the link with the biggest upstream bandwidth.)
-
Yeah, I can't get the stupid "default gateway" box to uncheck.
I've been exploring 2.1 on a spare machine (2.0.3 is what's on the live one) and I noticed this problem myself when I got into setting up my dual WANs. In my case I want certain kinds of traffic to go over specific WAN links and that not working would be a real headache. (e.g., cloud backup needs to go over the link with the biggest upstream bandwidth.)
Ordinary client traffic (like a big backup to cloud) is easily directed to the WAN (or group of WANs) that you want it to use, by specifying the gateway or gateway group in the rules. It is only traffic originated from pfSense itself that is tricky to direct.
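The difference described in the last reply, shown as an added pf.conf sketch (not from the thread and not pfSense's generated ruleset). The interface names, addresses and macro names are constructed placeholders.

```pf
# Constructed placeholders: em1 = WAN2, em2 = LAN,
# 198.51.100.1 = WAN2 next hop, 192.168.1.0/24 = LAN clients.
LAN     = "em2"
GW_WAN2 = "route-to ( em1 198.51.100.1 )"

# Client traffic arrives inbound on LAN, so this rule matches it and
# route-to overrides the routing table: the flow leaves via WAN2.
pass in quick on $LAN $GW_WAN2 inet from 192.168.1.0/24 to any keep state

# Traffic generated by the firewall itself (captive portal auth lookups,
# a ping from the shell) never arrives inbound on LAN, so the rule above
# is never evaluated for it. Those packets follow the kernel routing
# table, that is, the system default gateway. To see which one is active:
#   netstat -rn | grep default
```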