Routing Issue
-
We currently have three WAN links and are going to get rid of two of them soon. All go through the PFSense box (v.2) and access works fine on the two that we will be taking down. On the remaining WAN link we have a Cisco 2901 router between the PFSense and the ISP Layer 2 device. The configuration is something like this:
Internal network (192.168.0.0/24)
|
|
192.168.0.x/24
PFSense
1.1.1.3/28
|
|
|
1.1.1.4/28
Cisco Router
8.8.8.5/30
|
|
|
8.8.8.6/30
ISP Layer 2 Device
InternetWith the other two WAN links intact I can ping from the firewall through the router to the Internet. When I take the doomed WAN links down I can still ping from the firewall out to the Internet by FQDN and IP address.
However, when I try from a PC within the internal network and the doomed WAN links are down, I cannot get out at all.
It has to be something simple within the firewall and I am hoping somebody can steer me in the right direction off the bat. I am not that familiar with the PFSense firewall….but that is changing!
Thank you!
BanjoBoy -
perhaps you are missing NAT rules for that wan interface?
-
NAT rules are setup correctly (basically copied from one of the other working interfaces) and triple-checked for accuracy. But here is the weird thing: without changing anything, the new interface I setup suddenly began working! I cannot explain it (which causes me a little concern) but working it is! We'll monitor and continue troubleshooting but I think this issue is resolved. Thanks for your help!
-
what are you firewall rules.. Guessing you were using some load balancing directing specific gateways?
So need to see what firewall rules you have on interface your internal network talks to pfsense on.
-
Issue resolved. I simply restored the PFsense to a saved configuration, then rebuilt my Cisco Router and it all came back.
Thanks for the help!
