Multi-Wan ping replies go out the wrong interface
-
I have a 2 ISP multiwan setup because of issues with stability from both providers. I would like to log downtime into an easy-to-view chart that I can use to receive credits on my accounts when the service is down. I am trying to use uptimerobot.com for this.
The problem I am having is that echo requests are received on both WAN interfaces, but replies (echo reply) are being sent out the current default gateway interface. This causes the ping from the non-DFG interface to fail.
I've tried rules for source address=Wan2 address, then use the WAN1 interface, but no luck.
I have also tried removing the default gateway flag from the gateways, but pfSense seems to randomly pick and set one when one is not explicitly provided, so no luck there either.
Any ideas? Thanks in advance.
-
Hi,
You have to create a group with your two gateways.
There are a lot of docs related to that topic.
-
The problem I am having is that echo requests are received on both WAN interfaces, but replies (echo reply) are being sent out the current default gateway interface. This causes the ping from the non-DFG interface to fail.
How exactly are you determining that the ICMP reply is exiting from the wrong interface? tcpdump? I use UptimeRobot too, and am monitoring dozens of multi WAN pfSense devices with it… works just fine. Do you have any funny floating rules maybe?
-
tcpdump via the packet capture tool under diagnostics. Filtering for ICMP traffic only, I was able to see incoming pings from UptimeRobot, followed by an ICMP denied by admin message (I didn't save the exact error) from the other ISP's gateway.
It's working now… My rule to allow incoming ICMP echo requests was in Floating and needed to be split into 2 rules, 1 for each gateway.
-
@rsiemers2 I know it is quite old, but did that really solve your issue? I keep having the packets being responded to on the default gateway interface (using the IP address of the correct interface), even with a separate rule for the correct (not default gateway) interface, destination correctinterface_address, gateway correctinterface_gateway.
-
@helviojr
Ensure that there is no rule on an interface group or the floating tab matching the traffic concerned.
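-
One way to confirm the symptom discussed in this thread (an echo reply leaving the default-gateway WAN while carrying the other WAN's source address), as an added example that is not part of any post: it pairs echo requests and replies from the text output of one ICMP capture per WAN. The interface names, addresses and capture lines are constructed sample data.

```python
import re

# Constructed sample: text output of one ICMP capture per WAN (tcpdump -n style).
# wan1 (198.51.100.2) is assumed to hold the default gateway; wan2 is 192.0.2.2.
CAPTURES = {
    "wan1": """\
12:00:01.000100 IP 203.0.113.10 > 198.51.100.2: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000300 IP 198.51.100.2 > 203.0.113.10: ICMP echo reply, id 4242, seq 1, length 64
12:00:02.000400 IP 192.0.2.2 > 203.0.113.10: ICMP echo reply, id 5151, seq 1, length 64
""",
    "wan2": """\
12:00:02.000100 IP 203.0.113.10 > 192.0.2.2: ICMP echo request, id 5151, seq 1, length 64
""",
}

LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>[^:]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(captures):
    """Yield (iface, kind, src, dst, id, seq) for every ICMP echo line."""
    for iface, text in captures.items():
        for line in text.splitlines():
            m = LINE.match(line)
            if m:
                yield iface, m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])

def find_asymmetric(captures):
    """Return exchanges whose reply left a different interface than the
    request arrived on ("out" is None when no reply was captured at all)."""
    requests, replies = {}, {}
    for iface, kind, src, dst, ident, seq in parse(captures):
        if kind == "request":
            requests[(src, dst, ident, seq)] = iface   # (prober, local address, id, seq)
        else:
            replies[(dst, src, ident, seq)] = iface    # reversed so the keys line up
    findings = []
    for (prober, local, ident, seq), in_if in sorted(requests.items()):
        out_if = replies.get((prober, local, ident, seq))
        if out_if != in_if:
            findings.append({"prober": prober, "local": local, "id": ident,
                             "seq": seq, "in": in_if, "out": out_if})
    return findings

if __name__ == "__main__":
    for f in find_asymmetric(CAPTURES):
        print(f"{f['local']}: request in on {f['in']}, reply out on {f['out']}")
```

An empty result after changing the rules means each reply left on the interface its request arrived on.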