Multi Gateway same interface
-
I'm able to ping both 8.8.8.8 and www.google.com from both interfaces, but in the dashboard gateways status it shows me one of them is offline.
-
Well what is 192.168.5.253? It's not responding to ping.
-
@stephenw10 I finally managed to fix the gateway marked down. I followed the below thread:
https://forum.netgate.com/topic/98151/2-3-gateway-monitor-not-working/2
Now I tested load balancing by marking the gateways as down and load balancing is working, but when I manually unplug the cables internet will go down when I unplug wan1, which is the default, but not wan2.
-
You configured DNS to use both as I outlined above?
How are you testing to see "internet will go down"?
Steve
-
@stephenw10 yes, I configured DNS for both gateways and I set the same DNS for the monitoring IP, but I think that I have a routing problem. I created the firewall rule and linked it to the WAN-group but I'm still having the same problem: only one interface is working even though they both have internet, and I can verify that by doing the traceroute command from pfsense. I tested it from two wans and I can see that each wan has different hops IP addresses, but I am still unable to do load balancing. I also tried to force the firewall rule to pass only from the gateway that has the problem but still no internet on the computer. The computer is connected directly to the pfsense machine LAN port. I can only get internet from one gateway even though they both have internet and the status of both gateways is online, except when I unplug any cable it can detect that it's offline.
Any suggestion would be appreciated.
-
Ok so when you disconnect the main WAN what exactly does and doesn't work?
I assume you are still able to ping out and do dns lookups from pfSense itself? Without specifying a source IP?
Can you do dns lookups from a client on LAN?
Can you ping an external IP (by IP) from a client?
Can you ping the WAN2 gateway or DNS server on WAN2 from the client?
If you traceroute from the client where does it fail?
Check /tmp/rules.debug. When WAN1 is down it should be removed from the gateway group.
Steve
-
I did two continuous pings from the computer: one ping to www.google.com and another ping to 8.8.8.8. If both WAN cables are connected they both get replies, but if I unplug WAN1 I get request time out on www.google.com and if I unplug WAN2 I get request time out on 8.8.8.8. Any suggestions for this situation?
-
Continuous pings are not a good test. The firewall states are not removed when the gateway goes down unless you have set "Flush all states when a gateway goes down" in Sys > Adv > Misc. As long as the ping is still running the state will not time out. If you stop the ping and restart it after some time it should go out over the good gateway.
Are you using 8.8.8.8 as a DNS server for the firewall? If so that may have a static route via WAN2 which means it can never work over WAN1.
Steve
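
A toy model of the state behaviour described in the reply above, as an added example that is not part of the original thread and is not pfSense code. The timeout value, the client address and all class and function names are assumptions chosen for illustration.

```python
# Toy model of policy-routed firewall states (illustrative, not pfSense code).
STATE_TIMEOUT = 10  # assumed idle timeout in seconds, not a pfSense default

class Firewall:
    def __init__(self, gateways, flush_on_down=False):
        self.up = {gw: True for gw in gateways}  # gateway monitor's view
        self.flush_on_down = flush_on_down       # "Flush all states when a gateway goes down"
        self.states = {}                         # flow -> (gateway, last_seen)

    def gateway_down(self, gw):
        self.up[gw] = False
        if self.flush_on_down:
            self.states.clear()

    def send(self, flow, now):
        """Return True if the packet leaves via a gateway that is really up."""
        state = self.states.get(flow)
        if state and now - state[1] > STATE_TIMEOUT:
            state = None                         # idle state has expired
        if state is None:
            # Only a NEW state consults the gateway group's live members.
            live = [gw for gw, ok in self.up.items() if ok]
            if not live:
                return False
            gw = live[0]
        else:
            gw = state[0]                        # existing state stays pinned
        self.states[flow] = (gw, now)            # every packet refreshes the state
        return self.up[gw]

def ping_run(fw, flow, start, count):
    """One echo per second starting at `start`; returns number of replies."""
    return sum(fw.send(flow, start + i) for i in range(count))

def scenario(flush_on_down, pause):
    """Replies (before, after) WAN1 is unplugged at t=5, resuming after `pause` s."""
    fw = Firewall(["WAN1", "WAN2"], flush_on_down)
    flow = ("192.168.1.10", "8.8.8.8", "icmp")   # constructed LAN client flow
    before = ping_run(fw, flow, 0, 5)            # state is created via WAN1
    fw.gateway_down("WAN1")
    after = ping_run(fw, flow, 5 + pause, 5)
    return before, after

if __name__ == "__main__":
    print("continuous ping, no flush:", scenario(False, 0))
    print("stop, wait 30 s, restart :", scenario(False, 30))
    print("continuous ping, flush on:", scenario(True, 0))
```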
-
I'm sure that there is something missing in the manual. I followed all the instructions with no success. Now I did a factory default reset. I have three NIC interfaces; I configured them as follows: WAN1, WAN2 and LAN
LAN is 192.168.1.1
WAN1 static IP address 192.168.0.171 Gateway 192.168.0.239 DNS is 8.8.8.8
WAN2 static IP address 192.168.5.254 Gateway 192.168.2.253 DNS is 8.8.4.4 (I put a NAT device in order to change the range of the network as mentioned in the manual)
in routing I set monitoring IP address same as DNS for each interface
I created a wangroup and set them both tier1 and trigger level is member down
I modified the internet rule and in the gateway I selected the wangroup
is there anything else that I have to do in order to make it work
I want to make load balancing by making users to get internet from both gateways and if one gateway fails the users that are on failed gateway will failover to the other gateway
is there any specific log that I can check to post? Maybe it can help
please note I'm facing a problem that sometimes one of the gateways appears down even though it's not down
-
Finally it worked. I used DNS forwarding instead of DNS resolver and it's working now.
Thanks everyone for help.
-
If you want to keep using the resolver, Unbound, you can switch that to forwarding mode instead. That allows you to use DNSBL for example.
Or in 2.4.4+ you can set a failover gateway group as the default gateway (cannot be a load-balancing group) and keep using Unbound in resolving mode.
Steve