Two Multi WAN firewall rules give different results
-
perhaps you should supply more info….
like what is the exact error you are getting?
what are your dns servers set at ?are you having a dns issue or is this actually a different issue ?
-
perhaps you should supply more info….
like what is the exact error you are getting?
what are your dns servers set at ?are you having a dns issue or is this actually a different issue ?
Apologies, I could have supplied better information:
8.8.8.8 using WAN1 as the gateway
8.8.8.4 using WAN2 as the gatewayThere are no errors, however, I just noticed that when the second rule is set, we cannot ping external or internal IP's. So there must be a firewall rule blocking something. Our captive portal is set, however, even signed-in users experience the same issue.
-
Google's second DNS server IP address is 8.8.4.4 not 8.8.8.4.
-
Google's second DNS server IP address is 8.8.4.4 not 8.8.8.4.
Derelict, sorry that was a typo on my part. We are using:
8.8.8.8 8.8.4.4 -
All your NAT rules in place for both WANs?
-
All your NAT rules in place for both WANs?
At this time, Automatic outbound NAT rule generation is selected within Outbound NAT. There is nothing in 1:1 or NPT. We do have port forwards, but you can see below that nothing is out of ordinary (as far as I know).
-
If you change the default gateway to the other WAN without changing the rule does it work?
-
If you change the default gateway to the other WAN without changing the rule does it work?
Same results, we cannot ping anything internally/externally. I even tried modifying the first rule, by just adding the gateway portion in advanced settings but received the same results. The second that the rule is modified to include the gateways, the rule somehow stops all traffic. Btw, I really appreciate your help here because I quickly ran out of ideas.
Note: I can manually switch gateways and the internet continues to work on each connection as it should, so I know both connections are active.
-
I don't understand how manually switching gateways and changing the default route are two different things.
-
What I meant is that going to Routing, if I make either connection the default gateway, traffic flows through whichever as it should. My point was that both connections are definitely working so there is something strange going on.
-
I don't understand how manually switching gateways and changing the default route are two different things.
I would very curious to know if anyone running 2.2.4 is experiencing this issue. Fail-over works flawlessly, however, WAN load balancing is the issue where I force traffic through the Gateway Groups using firewall rules. I'm convinced that this feature simply does not work anywhere. This has worked in the past with 2.0, I remember. The comments of the following blog post kind of confirms it for me http://terraltech.com/multi-wan-load-balancing-with-pfsense/
-
@UNet:
I'm convinced that this feature simply does not work anywhere. This has worked in the past with 2.0, I remember. The comments of the following blog post kind of confirms it for me http://terraltech.com/multi-wan-load-balancing-with-pfsense/
Of course it still works. The comments on that post no doubt from Squid users, where it's not hitting those rules at all.
You need to negate policy routing for LAN to LAN connectivity to work.
https://doc.pfsense.org/index.php/Bypassing_Policy_RoutingI'm guessing you're breaking your DNS maybe, if it's on one of the other internal subnets. Troubleshoot the issue, what works and what doesn't? IP connectivity to the Internet (ping 8.8.8.8/8.8.4.4/4.2.2.2)? DNS resolution work?
