Netgate Discussion Forum
    NAT stops working in Multi WAN when Primary WAN goes down
    • Derelict LAYER 8 Netgate

      That looks fine. Those will be completely independent of each other.

      How are you testing? From inside or outside?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • sandeepl

        From outside, using an Amazon server!

        • Derelict LAYER 8 Netgate

          But HOW are you testing? To an FQDN? To an IP address? Using curl? What?

          Describe exactly what you are doing.

          When you are testing look at the states. What do you see?

          • sandeepl

            I'm testing to the WAN2 IP address, using the browser and hitting the default port 80. Below is the state when WAN is offline:
            WAN2 tcp <amazon server ip>:50663 -> 192.168.0.54:80 (<wan2 ip address>:80) CLOSED:SYN_SENT 3 / 0 152 B / 0 B
            LAN tcp <amazon server ip>:50663 -> 192.168.0.54:80 ESTABLISHED:SYN_SENT 4 / 1 232 B / 52 B

            When WAN is online:
            WAN2 tcp <amazon server ip>:50666 -> 192.168.0.54:80 (<wan2 ip address>:80) TIME_WAIT:TIME_WAIT 6 / 5 521 B / 650 B
            LAN tcp <amazon server ip>:50666 -> 192.168.0.54:80 TIME_WAIT:TIME_WAIT 6 / 5 521 B / 650 B

              • sandeepl

              When WAN is online, a refresh:
              WAN2 tcp <amazon server ip>:50668 -> 192.168.0.54:80 (<wan2 ip address>:80) ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
              LAN tcp <amazon server ip>:50668 -> 192.168.0.54:80 ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B

                • sandeepl

                I'm also monitoring the logs on the HTTP server. I see a proper request when the WAN interface is online; however, there are no entries whenever the WAN interface is down.

                  • Derelict LAYER 8 Netgate

                  Is there something else required on the server that might not be working when WAN is offline, like DNS resolution?

                  You can plainly see that the port forward is working and traffic coming back from the server isn't being received.

                  Packet capture both tests on the LAN interface and see what's really happening there.

                    • sandeepl
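The asymmetry Derelict points at (the WAN2 state admitted the SYN, the LAN state shows the server answering, yet nothing ever went back out WAN2) can be checked mechanically from the state listing. This is an added example, not code from the thread or from pfSense; it parses constructed state lines laid out like the ones sandeepl posted, with 203.0.113.10 standing in for the Amazon host and 198.51.100.2 for the WAN2 address, and it assumes the two counters read as packets toward the server / back from it, which is how the thread's numbers read.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the pfSense state listing posted in the thread.
# 203.0.113.10 stands in for the Amazon test host, 198.51.100.2 for the WAN2 address
# (both RFC 5737 documentation addresses, not values from the thread).
WAN_DOWN_STATES = """\
WAN2 tcp 203.0.113.10:50663 -> 192.168.0.54:80 (198.51.100.2:80) CLOSED:SYN_SENT 3 / 0 152 B / 0 B
LAN tcp 203.0.113.10:50663 -> 192.168.0.54:80 ESTABLISHED:SYN_SENT 4 / 1 232 B / 52 B
"""
WAN_UP_STATES = """\
WAN2 tcp 203.0.113.10:50668 -> 192.168.0.54:80 (198.51.100.2:80) ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
LAN tcp 203.0.113.10:50668 -> 192.168.0.54:80 ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
"""
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+\((?P<nat>[^)]+)\))?\s+(?P<state>\S+)\s+"
    r"(?P<pkts_fwd>\d+)\s+/\s+(?P<pkts_back>\d+)\s+(?P<bytes_fwd>\d+)\s+B\s+/\s+(?P<bytes_back>\d+)\s+B$"
)

def parse_states(text):
    """One state per line; counters taken as toward-server / back-from-server (assumed)."""
    rows = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:  # lines that do not look like a state row are skipped
            row = m.groupdict()
            for k in ("pkts_fwd", "pkts_back", "bytes_fwd", "bytes_back"):
                row[k] = int(row[k])
            rows.append(row)
    return rows

def diagnose_port_forwards(text, lan_iface="LAN"):
    """Pair the inbound-WAN and LAN states of each forwarded flow (same src and dst) and
    flag flows where the server answered on LAN but nothing went back out that WAN."""
    flows = defaultdict(dict)
    for s in parse_states(text):
        flows[(s["src"], s["dst"])][s["iface"]] = s
    findings = {}
    for key, by_iface in flows.items():
        lan = by_iface.get(lan_iface)
        wan = next((s for i, s in by_iface.items() if i != lan_iface), None)
        if lan is None or wan is None:
            continue  # only one side of the flow seen; nothing to compare
        if lan["pkts_back"] > 0 and wan["pkts_back"] == 0:
            findings[key] = "reply-not-via-" + wan["iface"]  # reply left by another path
        else:
            findings[key] = "ok"
    return findings
```

Run it over a copy of Diagnostics > States to list flows whose replies are leaving through a different interface than the one that accepted them; the WAN-down sample is flagged, the WAN-up sample reports ok.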

                    Attaching a snip of the capture for when the request fails. The only thing that changes during this is the WAN interface being offline.

                    [WAN Down.txt](/public/imported_attachments/1/WAN Down.txt)

                      • sandeepl

                      Strange though, I'm able to recreate this issue also on another box with the latest version of pfSense. I made the WAN2 as WAN on the new box, and the NAT stopped working for the new WAN2 on the new box as soon as the WAN interface went down.

                        • sandeepl

                        Another observation: if I set the WAN2 network as default gateway, even though the WAN interface is offline, the NAT works properly.

                          • sandeepl

                          The issue has been resolved: I went ahead and enabled the setting "Default gateway switching", based on my last observation.
                          Now, in spite of the WAN interface going offline, the NAT works.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.