Cannot ping DMZ address with new ISP

TC10284

Hello all,

I have a dual WAN setup on pfSense. Everything is working great except one thing. I can no longer ping or access my DMZ server, whereas prior to the additional ISP, I could reach the DMZ server just fine.

Setup:
LAN -> 192.168.2.1/24
DMZ -> 192.168.0.2/24
WAN1 -> Time Warner (DHCP)
WAN2 -> Windstream (DHCP)

My DMZ server IP is: 192.168.0.2

I ran a traceroute and this is the result:

Tracing route to 192.168.0.2 over a maximum of 30 hops

1    10 ms    8 ms    8 ms  10.0.64.1
  2    19 ms    9 ms    8 ms  h105.224.190.173.ip.windstream.net [173.190.224.105]
  3    12 ms    9 ms    9 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
  4    18 ms    8 ms    8 ms  h9.35.130.40.static.ip.windstream.net [40.130.35.9]
  5    8 ms    15 ms    7 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
  6    8 ms    8 ms    10 ms  h11.35.130.40.static.ip.windstream.net [40.130.35.11]
  7    11 ms    8 ms    9 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
  8    9 ms    9 ms    8 ms  h11.35.130.40.static.ip.windstream.net [40.130.35.11]
  9    8 ms    8 ms    11 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
10    11 ms    10 ms    25 ms  h15.35.130.40.static.ip.windstream.net [40.130.35.15]
11    8 ms    9 ms    23 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
12    9 ms    8 ms    8 ms  h13.35.130.40.static.ip.windstream.net [40.130.35.13]
13    25 ms    10 ms    8 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
14    11 ms    11 ms    8 ms  h11.35.130.40.static.ip.windstream.net [40.130.35.11]
15    8 ms    9 ms    8 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
16    8 ms    9 ms    11 ms  h13.35.130.40.static.ip.windstream.net [40.130.35.13]
17    10 ms    9 ms    9 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
18    11 ms    11 ms    9 ms  h13.35.130.40.static.ip.windstream.net [40.130.35.13]
19    9 ms    9 ms    8 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
20    13 ms    33 ms    27 ms  h9.35.130.40.static.ip.windstream.net [40.130.35.9]
21    9 ms    9 ms    12 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
22    24 ms    10 ms    12 ms  h9.35.130.40.static.ip.windstream.net [40.130.35.9]
23    9 ms    12 ms    10 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
24    8 ms    11 ms    9 ms  h13.35.130.40.static.ip.windstream.net [40.130.35.13]
25    8 ms    9 ms    10 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
26    8 ms    9 ms    24 ms  h9.35.130.40.static.ip.windstream.net [40.130.35.9]
27    9 ms    14 ms    15 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
28    8 ms    8 ms    8 ms  h11.35.130.40.static.ip.windstream.net [40.130.35.11]
29    8 ms    9 ms    11 ms  h8.35.130.40.static.ip.windstream.net [40.130.35.8]
30    8 ms    9 ms    8 ms  h13.35.130.40.static.ip.windstream.net [40.130.35.13]

Trace complete.

Looks like a routing loop on the ISP side.
What can I do to to resolve this?

Derelict

I can no longer ping or access my DMZ server

You need to place rule(s) on LAN above your new gateway group rule that passes the desired traffic from LAN to DMZ without a gateway set.

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

TC10284

Thanks! This worked!