pfSense didn't monitor external DNS
-
Hi everyone, I have a problem with monitoring of an external DNS address. I have configured load balancing between two links and have configured gateways with monitoring addresses (208.67.222.222 and 8.8.8.8). But when I look at the status of a gateway, it always shows offline. I can ping the addresses from my gateways, but they always show offline.
Thanks in advance
-
Well, can you ping it from the cmd line or from diag? It's quite possible your ISP blocks access to those IPs. I can ping 8.8.8.8 without a problem:
ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=20ms TTL=47
Reply from 8.8.8.8: bytes=32 time=20ms TTL=47
Reply from 8.8.8.8: bytes=32 time=20ms TTL=47
Ping statistics for 8.8.8.8:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 20ms, Average = 20ms
And I can set it up as a monitor.
-
Yes, I can ping 8.8.8.8 from cmd and from the ping tool of pfSense. If my ISP blocked pings to this address, then how can I ping 8.8.8.8 with the source address of my gateway?
-
If you can ping it using that internet connection, then not sure what to tell you. I am not having such a problem. As you can see using 8.8.8.8 for monitor IP works just fine.
Why are you setting DNS to use a specific gateway but then setting it to allow for override anyway? My guess is you got something jacked in what you're trying to do. Since I can not duplicate your problem.. Why are you not just using the unbound resolver, which is the default? Why are you trying to set DNS?
I would remove your load balancing setup and just use 1 gateway and change its monitor IP to OpenDNS or Google DNS. Does that work?
-
I have disabled the allow for override option and have disabled the load balancing rule; there is no luck :(
-
So you have 1 gateway set as default. And you can not use monitor 8.8.8.8 but you can ping it from pfSense? Making sure you set the source as the gateway you're wanting to monitor?
What are the ping times you're getting back? Maybe they are over the threshold for being online? Maybe your ISP doesn't like 0 payload in the ping; set it to a value other than 0..
Normally the monitor pings have 0, see left ping - but when you do a normal ping there is data attached. So in the monitor advanced settings set a payload. Also, what type of response time do you get when you do a normal ping that you get an answer from?
-
You are a genius my friend, thank you very much, it's a payload problem. :D Can you explain to me the solution of this problem, why is pinging without data not working? I have network skills at CCNA level but I never encountered such a problem.
-
Seems your ISP doesn't like it.. Or maybe Google doesn't like it from where you're coming from? Or the network between you and Google and OpenDNS doesn't like it and drops it. Maybe there are network problems currently between you and them and those packets are being dropped because of min effect on overall traffic, etc.
Could be many reasons for it. Hard to say where the issue is since you do not have control over the other side.. You could try sending zero sized ICMP to somewhere you have control over and see if they get there. If they do and answer, then you can rule out your ISP blocking/dropping them.
How good is your ISP? Maybe you can open a ticket with them about it and they can provide some insight?
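
Added example, not part of the thread or of pfSense: a small Python probe for the test suggested in the last reply, sending ICMP echo requests with an empty payload and with data to the same target and counting the replies. The function names, the payload sizes (0, 1 and 56 bytes) and the timeout are assumptions of this example; it needs root for the raw socket.

```python
# Added example: compare ICMP echo with an empty vs a non-empty payload.
import os, socket, struct, sys, time

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, payload_len: int) -> bytes:
    """ICMP echo request (type 8, code 0) carrying payload_len data bytes."""
    payload = bytes(i & 0xFF for i in range(payload_len))
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def is_reply(packet: bytes, ident: int, seq: int) -> bool:
    """True if a raw IPv4 packet is the echo reply matching ident/seq."""
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if len(packet) < ihl + 8:
        return False
    icmp_type, code, _, r_id, r_seq = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    return icmp_type == 0 and code == 0 and r_id == ident and r_seq == seq

def probe(target: str, payload_len: int, count: int = 3, timeout: float = 2.0) -> int:
    """Send count echoes with the given payload size; return replies seen."""
    ident, got = os.getpid() & 0xFFFF, 0
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        for seq in range(count):
            s.sendto(build_echo(ident, seq, payload_len), (target, 0))
            deadline = time.monotonic() + timeout
            while (left := deadline - time.monotonic()) > 0:
                s.settimeout(left)
                try:
                    packet, _ = s.recvfrom(2048)
                except socket.timeout:
                    break
                if is_reply(packet, ident, seq):
                    got += 1
                    break
    return got

if __name__ == "__main__":
    target = sys.argv[1]  # a host you control, or the monitor IP
    for size in (0, 1, 56):
        print(f"payload {size:>2} bytes: {probe(target, size)}/3 replies")
```

If the 0-byte row shows no replies while the others do, and the same run against a host you control answers all three sizes, the drop is happening on the path to or at the monitor IP rather than at your ISP.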