Netgate Discussion Forum

Wrong routing for gateway monitoring

Routing and Multi WAN
    siebo
    last edited by Sep 16, 2016, 5:00 PM

    Hello forum,

    my pfSense firewall does not give me the correct status for the monitored gateways even though I did configure everything correctly from my point of view.
    I think it might be a routing issue, but let me explain my configuration a little bit.

    I have configured only 1 active network card (LAN) and have 2 WAN gateways (DSL and LTE) within the same network.
    Currently the pfSense is used for DHCP and DNS service but should also provide failover WAN access in the future.
    Currently the DHCP delivers the DSL gateway as default gateway.

    I configured the LAN interface with the static IP 192.168.253.1/24,
    the two gateways have the IPs .4 (DSL) and .3 (LTE).

    I configured both gateways under System > Routing > Gateways as follows:

    | Name | Interface | Gateway | Monitor IP |
    | dsl_dev_null (default) | LAN | 192.168.253.4 | 8.8.8.8 |
    | lte_dev_null | LAN | 192.168.253.3 | 208.67.220.220 |

    As you can see I used the DNS server IPs from Google and OpenDNS as monitor IP to monitor the upstream instead of the actual gateway.
    Under System > General Setup I configured the DNS servers as follows:

    | DNS Server 1 | 8.8.8.8 | dsl_dev_null - lan - 192.168.253.4 |
    | DNS Server 2 | 208.67.222.222 | dsl_dev_null - lan - 192.168.253.4 |
    | DNS Server 3 | 208.67.220.220 | lte_dev_null - lan - 192.168.253.3 |
    | DNS Server 4 | 8.8.4.4 | lte_dev_null - lan - 192.168.253.3 |

    I also added the "Default gateway switching option" under System > Advanced > Miscellaneous.
    When I look at the routing table now I get the following output:

    | Destination | Gateway | Netif |
    | default | 192.168.253.4 | em1 |
    | 8.8.4.4 | 192.168.253.3 | em1 |
    | 8.8.8.8 | 192.168.253.4 | em1 |
    | 208.67.220.220 | 192.168.253.3 | em1 |
    | 208.67.222.222 | 192.168.253.4 | em1 |

    According to these settings the routing to the DNS servers (and so to the monitor IPs of the gateways) is set to the respective gateway that should be monitored.

    If I then mark the DSL gateway as down manually I can see the default gateway switching from .4 to .3.
    I also see the switch in a traceroute from a connected PC when I trace for example heise.de. It goes via .4 or .3 with respect to the gateway status.

    Now comes the problem:

    If I disable the LTE connection via the router settings, the LTE gateway is still shown as online by dpinger.
    Also a traceroute to 208.67.220.220 from a client shows the DSL gateway as first hop (irrespective of the gateway status).

    dpinger seems to fail to follow the routing table for checking the interface status thus checking the monitor IP 208.67.220.220 over the DSL gateway instead of the LTE gateway.

    Can you explain why this is?

    Thank you in advance.

    Sincerely,
    Siebo

      dennypage
      last edited by Sep 16, 2016, 10:58 PM

      You have a single network interface (LAN), with both gateways in the same network, accessible via the same interface. This does not do what you intend.

      For multi-WAN you would expect multiple WAN interfaces and a separate LAN interface like so:

      
      WAN1 X.X.X.1/28 gateway X.X.X.2
      WAN2 Y.Y.Y.1/28 gateway Y.Y.Y.2
      LAN 192.168.253.1/24
      
      