Netgate Discussion Forum
    Use a Gateway Group for Locally Originated Traffic?

    Category: Routing and Multi WAN. 1 post, 1 poster, 420 views.
    ichilton:

      Hi,

      I've got MULTI-WAN set up and it seems to be working well (except for once in my testing when the Tier 1 connection came back up: it didn't start using it again, it continued through the Tier 2 one, even though the gateway was showing online. I had to force mark it as down, and then take that off again, for it to change back over... just a glitch?)

      The problem I've got, though, is traffic originating from the router itself, e.g. DNS.

      I'm using the DNS server on pfSense, and not specifying any upstream servers - which I believe makes it talk directly to the root servers.

      When I was first testing and forcing gateways to be marked down, everything worked fine. However, when I pulled the cable out of the primary, I then had no DNS anywhere, because the DNS server couldn't make outbound requests while the default gateway was down.

      I fixed this by using: "Enable default gateway switching".

      This seems to have two implications. Firstly, I'm not sure what the score is with it moving back to the primary when it comes back; I read that it didn't switch back, but it seemed to for my test. Secondly, it means VLANs with a catch-all firewall rule not specifying a gateway get failed over, instead of just the ones I specifically specify.

      Is gateway switching the right way to do this, or is there a better way?

      What I'm thinking is: is there a way of getting locally originated traffic to use a gateway group?

      Does traffic from the DNS server, for example, originate from 127.0.0.1? If so, could I put a firewall rule for that with a gateway group specified?

      Thanks,

      Ian

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.