MultiHome VR3
-
PS: I can ping the AT&T router from the Diagnostic Ping function -
=================
-
You can ping the router which is the gateway, but the gateway is shown as offline? ::)
So check the gateway monitoring settings. That does nothing other than ping. -
Okay,
Just where do I check those settings –
If I go into System => Routing => Gateway - I have the disable option and the Advanced setting, but I don't see a way to affect apinger -
===============
Also, looked at Advanced Settings but the Gateway rules there only have to do with NAT States.
-
So the gateway monitoring for the AT&T gateway is enabled and you haven't entered an alternative monitoring IP (don't know if this option was there already in 1.2.1)?
If so, apinger should ping the gateway IP like you do in the Diagnostic menu.
Ah! There may be another reason for this issue. The outbound NAT. You have to add a separate outbound NAT rule for traffic directed to the AT&T. Have you done that?
-
Outbound NAT is set to Automatic - -
-
So pfSense would translate all outgoing packets' source to its WAN address, which isn't known by the router, so it will send its responses to the internet and they will never reach pfSense.
-
So, I understand what you are saying –
The Comcast link, primary on the VR3 interface, is using its address to ping its gateway --
However, the AT&T link, Secondary as an Alias, is using the Comcast address of VR3 to ping the AT&T gateway, so the ICMP can not come back -
How do we tell apinger to use the Alias, which by the way is what I had to do in the diagnostic for the ping to work -
-
As mentioned already above, add an outbound NAT rule for this traffic.
Switch outbound NAT rule generation to manual. The automatically generated rules should be preserved, I think.
So you can copy the rule for source 127.0.0.0/8 (pfSense itself), edit it and set the destination to the AT&T subnet and the translation address to the virtual IP.
You will also need additional rules for traffic you want to direct to AT&T.
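
A simplified model of the problem discussed in this thread, added here as an illustration and not part of any post: it evaluates first-match outbound NAT rules for the monitoring ping and checks whether the AT&T router can answer the translated source on its own subnet. All addresses are constructed (documentation ranges), and the rule tuples and function names are assumptions made for the sketch.

```python
import ipaddress as ip

# Constructed addresses (documentation ranges), not taken from the thread.
COMCAST_IP = ip.ip_address("198.51.100.10")  # primary address on vr3
ATT_VIP = ip.ip_address("192.0.2.10")        # IP alias (virtual IP) on vr3
ATT_NET = ip.ip_network("192.0.2.0/24")      # subnet the AT&T router is on
ATT_GW = ip.ip_address("192.0.2.1")          # AT&T router, the monitored gateway
LOCALHOST = ip.ip_network("127.0.0.0/8")     # "pfSense itself", as in the thread
ANY = ip.ip_network("0.0.0.0/0")

# Each rule: (source net, destination net, translation address).
# Automatic mode: everything leaving vr3 is translated to the primary address.
AUTOMATIC = [(LOCALHOST, ANY, COMCAST_IP)]
# Manual mode: the copied rule, narrowed to the AT&T subnet, goes first.
MANUAL = [(LOCALHOST, ATT_NET, ATT_VIP)] + AUTOMATIC


def translate(rules, src, dst):
    """Return the source address after outbound NAT (first match wins)."""
    for src_net, dst_net, nat_ip in rules:
        if src in src_net and dst in dst_net:
            return nat_ip
    return src  # no rule matched: packet leaves untranslated


def reply_reaches_firewall(rules, src, dst, router_net):
    """The router can answer directly only when the translated source is on
    its own subnet; otherwise it forwards the reply upstream and it is lost."""
    return translate(rules, src, dst) in router_net


def monitor_status(rules):
    """Status the gateway monitor would report for the AT&T gateway."""
    probe_src = ip.ip_address("127.0.0.1")
    ok = reply_reaches_firewall(rules, probe_src, ATT_GW, ATT_NET)
    return "online" if ok else "offline"


if __name__ == "__main__":
    print("automatic outbound NAT:", monitor_status(AUTOMATIC))
    print("manual rule for AT&T subnet:", monitor_status(MANUAL))
```
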
-
Ah,
But that's my headache – I have these in a Group for generic Internet traffic (aka Default Route), and there are three Gateways Tiered 1, 2 & 3. VR0 has 3, and VR1 has 1,2 and VR 2 has LAN and VR3 has DMZ.
So if I add a specific route for say yahoo.com through the AT&T gateway (1) and it fails, then it can not fall back to the Comcast (2) Gateway -
Think the answer is going to be an expansion card and a new interface.
Thank you.
---
-
Surely, this will be the best way. So you have both WANs on pfSense and the box can manage a failover.
And also a new version of pfSense will be recommended. :)
My first version was 1.3, but only for playing around.