Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wrong routing for gateway monitoring

    Routing and Multi WAN
    2
    2
    850
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      siebo
      last edited by

      Hello forum,

      my pfsense firewall does not give me the correct status for the monitored gateways even though I did configure everything correctly from my point of view.
      I think it might be a routing issue but let me explain a little bit my configuration.

      I have configured only 1 active network card (LAN) and have 2 WAN gateways (DSL and LTE) within the same network.
      Currently the pfsense is used for DHCP and DNS service but should also provide failover WAN access in the future.
      Currently the DHCP delivers the DSL gateway as default gateway.

      I configured the LAN interface with the static IP 192.168.253.1/24,
      the two gateways have the IPs .4 (DSL) and .3 (LTE).

      I configured both gateways under System > Routing > Gateways as follows:

      | Name | Interface | Gateway | Monitor IP |
      | dsl_dev_null (default) | LAN | 192.168.253.4 | 8.8.8.8 |
      | lte_dev_null | LAN | 192.168.253.3 | 208.67.220.220 |

      As you can see I used the DNS server IPs from Google and OpenDNS as monitor IP to monitor the upstream instead of the actual gateway.
      Under System > General Setup I configured the DNS servers as follows:

      | DNS Server 1 | 8.8.8.8 | dsl_dev_null - lan - 192.168.253.4 |
      | DNS Server 2 | 208.67.222.222 | dsl_dev_null - lan - 192.168.253.4 |
      | DNS Server 3 | 208.67.220.220 | lte_dev_null - lan - 192.168.253.3 |
      | DNS Server 4 | 8.8.4.4 | lte_dev_null - lan - 192.168.253.3 |

      I also added the "Default gateway switching option" under System > Advanced > Miscellaneous.
      When I look at the routing table now I get the following output:

      | Destination | Gateway | Netif |
      | default | 192.168.253.4 | em1 |
      | 8.8.4.4 | 192.168.253.3 | em1 |
      | 8.8.8.8 | 192.168.253.4 | em1 |
      | 208.67.220.220 | 192.168.253.3 | em1 |
      | 208.67.222.222 | 192.168.253.4 | em1 |

      According to these settings the routing to the DNS servers (and so to the monitor IPs of the gateways) is set to the respective gateway that should be monitored.

      If I then mark the DSL gateway as down manually I can see the default gateway switching from .4 to .3.
      I also see the switch in a traceroute from a connected PC when I trace for example heise.de. It goes via .4 or .3 with respect to the gateway status.

      Now comes the problem:

      If I disable the LTE connection via the router settings the LTE gateway is still showed as online by dpinger.
      Also a traceroute to 208.67.220.220 from a client shows the DSL gateway as first hop (irrespective of the gateway status).

      dpinger seems to fail to follow the routing table for checking the interface status thus checking the monitor IP 208.67.220.220 over the DSL gateway instead of the LTE gateway.

      Can you explain why this is ?

      Thank you in advance.

      Sincerely,
      Siebo

      1 Reply Last reply Reply Quote 0
      • dennypageD
        dennypage
        last edited by

        You have a single network interface (LAN), with both gateways in the same network, accessible via the same interface. This does not do what you intend.

        For multi-wan you would expect multiple WAN interfaces and a seperate LAN interface like so:

        
WAN1 X.X.X.1/28 gateway X.X.X.2
WAN2 Y.Y.Y.1/28 gateway Y.Y.Y.2
LAN 192.168.253.1/24
        1 Reply Last reply Reply Quote 0
        • First post
          Last post