Netgate Discussion Forum

    Multi-Wan ping replies go out the wrong interface

    Routing and Multi WAN
    • rsiemers2

      I have a 2-ISP multi-WAN setup because of issues with stability from both providers. I would like to log downtime into an easy-to-view chart that I can use to receive credits on my accounts when the service is down. I am trying to use uptimerobot.com for this.

      The problem I am having is that echo requests are received on both WAN interfaces, but replies (echo reply) are being sent out the current default gateway interface. This causes the ping from the non-DFG interface to fail.

      I've tried rules for source address=Wan2 address, then use the WAN1 interface, but no luck.

      I have also tried removing the default gateway flag from the gateways, but pfSense seems to randomly pick and set one when one is not explicitly provided, so no luck there either.

      Any ideas?  Thanks in advance.

      • oducrot

        Hi,
        You have to create a group with your two gateways.
        There are a lot of docs related to that topic.

        • luckman212

          @rsiemers2:

          The problem I am having is that echo requests are received on both WAN interfaces, but replies (echo reply) are being sent out the current default gateway interface. This causes the ping from the non-DFG interface to fail.

          How exactly are you determining that the ICMP reply is exiting from the wrong interface? tcpdump? I use UptimeRobot too, and am monitoring dozens of multi-WAN pfSense devices with it… works just fine. Do you have any funny floating rules maybe?

          • rsiemers2

            tcpdump via the packet capture tool under Diagnostics. Filtering for ICMP traffic only, I was able to see incoming pings from Uptimerobot, followed by an ICMP denied by admin message (I didn't save the exact error) from the other ISP's gateway.

            It's working now… My rule to allow incoming ICMP echo requests was in Floating and needed to be split into 2 rules, 1 for each gateway.

            • helviojr @rsiemers2

              @rsiemers2 I know it is quite old, but did that really solve your issue? I keep having the packets being responded to on the default gateway interface (using the IP address of the correct interface), even with a separate rule for the correct (not default gateway) interface, destination correctinterface_address, gateway correctinterface_gateway.

              • viragomann @helviojr

                @helviojr
                Ensure that there is no rule on an interface group or floating tab matching the traffic concerned.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.