Netgate Discussion Forum
    Can't properly configure multi-wan and NAT together

    Routing and Multi WAN
      MaddoScientisto:

      I've been trying for weeks, but I still haven't managed to reach a completely working setup; there's always a little problem that breaks everything.

      Here's the setup:
      I have two PPPoE connections: WAN1 is through a bridged modem, while WAN2 is a direct Ethernet connection. Both work fine and are entirely managed by pfSense.

      The LAN has address 192.168.100.253 and has DHCP server enabled.

      What I tried:

      I followed some guides and made 3 gateway groups:

      | Group        | WAN1 member     | WAN2 member      | Trigger level |
      |--------------|-----------------|------------------|---------------|
      | Group1       | WAN_DHCP Tier 1 | WAN2_DHCP Tier 1 | High Latency  |
      | WAN1FailOver | WAN_DHCP Tier 2 | WAN2_DHCP Tier 1 | Member Down   |
      | WAN2FailOver | WAN_DHCP Tier 1 | WAN2_DHCP Tier 2 | Member Down   |

      Then I made the LAN rules shown in the first attachment.

      Now what happens is that if I unplug WAN1, computers on the network can't navigate anymore, but some services such as Telegram still work fine.
      If I unplug WAN2 instead, navigation continues as normal. This is not what I expected.
      When both connections are connected, navigation goes mostly through WAN2 unless there's a large upload going on (which makes the interface appear down in the gateway stats), in which case the rest of the connections go through WAN1.
      This is what I expected and wanted.

      First question: Why does failover not properly fail over?

      Now for the second issue:
      If I try to add some NAT configuration to allow my internal servers to be accessed from outside, they just won't work at all.

      Here's what I tried:
      Port forward rule
      Interface: WAN1
      Protocol: TCP
      Destination: Any
      Destination port: 800
      Redirect target IP: 192.168.100.95
      NAT Reflection: Enabled (NAT + proxy)
      and then it automatically generated a rule

      At first I thought this worked fine, because if I tried to access the external IP from inside the network it properly redirected to the right address, except it was just an illusion: trying that from an outside connection doesn't work at all and makes the browser time out indefinitely.

      Might this be because the connection is trying to go out from the other interface? I don't know and I don't know how to solve this, please help.

      Bonus issue: some forums log me out after every page refresh unless I make a specific rule to allow connections to the site through a single interface. How can this be solved?

      [Attachment: firefox_2017-03-12_12-15-31.png]
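Added example, not part of the thread or of pfSense's own code: a check for the port forward described above, run against the live pf ruleset. pfSense turns a port forward into an `rdr` rule (visible with `pfctl -sn`) plus a `pass in` rule on the WAN (visible with `pfctl -sr`) that carries a `reply-to` clause; `reply-to` is what sends the server's replies back out the WAN the connection arrived on, regardless of which WAN currently holds the default route. The interface names (`pppoe0`, `pppoe1`), gateway and public addresses, and the sample rule text are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a pfSense port forward
# in the loaded pf ruleset. The forward should appear as an "rdr" rule and
# as a "pass in" rule on the same WAN interface carrying "reply-to", which
# is what returns replies over that WAN instead of the default route.
# Interface names, gateways and public addresses below are constructed.

# check_forward PORT TARGET RULES
# RULES is the combined output of `pfctl -sn` and `pfctl -sr`. Exit status:
#   0  rdr found and a reply-to pass rule exists on the same interface
#   1  no rdr for that port/target (the forward was not loaded at all)
#   2  rdr found, but its pass rule has no reply-to (replies follow the
#      default route and may leave via the other WAN)
#   3  rdr found, but no pass rule lets the redirected traffic in
check_forward() {
  port=$1; target=$2; rules=$3

  rdr_line=$(printf '%s\n' "$rules" | grep -E "^rdr on [^ ]+ .*port = $port -> $target( |\$)" | head -n 1)
  if [ -z "$rdr_line" ]; then
    echo "no rdr rule for port $port -> $target"
    return 1
  fi
  # "rdr on pppoe0 inet ..." -> the third field is the interface the forward is bound to
  wan_if=$(printf '%s\n' "$rdr_line" | awk '{print $3}')

  pass_line=$(printf '%s\n' "$rules" | grep -E "^pass in .* on $wan_if .* to $target port = $port( |\$)" | head -n 1)
  if [ -z "$pass_line" ]; then
    echo "rdr on $wan_if found, but no pass rule for $target port $port"
    return 3
  fi
  case "$pass_line" in
    *"reply-to ($wan_if "*)
      echo "ok: forward on $wan_if with reply-to via $wan_if"
      return 0 ;;
    *)
      echo "pass rule on $wan_if has no reply-to; replies follow the default route"
      return 2 ;;
  esac
}

# Constructed rulesets in the shape of `pfctl -sn; pfctl -sr` for the poster's
# setup: WAN1 = pppoe0 (gateway 203.0.113.1), TCP/800 forwarded to 192.168.100.95.
GOOD_RULES='rdr on pppoe0 inet proto tcp from any to 203.0.113.5 port = 800 -> 192.168.100.95 port 800
pass in quick on pppoe0 reply-to (pppoe0 203.0.113.1) inet proto tcp from any to 192.168.100.95 port = 800 flags S/SA keep state label "USER_RULE: NAT port 800"
pass in quick on pppoe1 reply-to (pppoe1 198.51.100.1) inet proto tcp from any to 192.168.100.95 port = 22 flags S/SA keep state'

# Same forward, but the pass rule has no reply-to (this example assumes that is
# what "Disable reply-to on WAN rules" produces, or a rule on an interface with
# no gateway assigned).
NO_REPLYTO_RULES='rdr on pppoe0 inet proto tcp from any to 203.0.113.5 port = 800 -> 192.168.100.95 port 800
pass in quick on pppoe0 inet proto tcp from any to 192.168.100.95 port = 800 flags S/SA keep state'

# The forward never made it into the ruleset.
NO_RDR_RULES='pass in quick on pppoe0 reply-to (pppoe0 203.0.113.1) inet proto tcp from any to 192.168.100.95 port = 800 flags S/SA keep state'

# Redirect present, but nothing lets the redirected traffic in.
NO_PASS_RULES='rdr on pppoe0 inet proto tcp from any to 203.0.113.5 port = 800 -> 192.168.100.95 port 800'

if [ $# -eq 2 ]; then
  # Live use on the firewall: { pfctl -sn; pfctl -sr; } | sh check_forward.sh 800 192.168.100.95
  check_forward "$1" "$2" "$(cat)"
else
  # Demo on the constructed rulesets
  check_forward 800 192.168.100.95 "$GOOD_RULES"
  check_forward 800 192.168.100.95 "$NO_REPLYTO_RULES"
  check_forward 800 192.168.100.95 "$NO_RDR_RULES"
  check_forward 800 192.168.100.95 "$NO_PASS_RULES"
fi
```

On the firewall, feed it the real ruleset with `{ pfctl -sn; pfctl -sr; } | sh check_forward.sh 800 192.168.100.95`; a state for the test connection can then be watched with `pfctl -ss | grep 192.168.100.95`. For the failover question, `route -n get default` on the firewall shows which WAN pfSense's own traffic (including the resolver's queries) uses; that is the system route, not the LAN policy-routing rules.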
        Fabio72:

        For the first problem, check DNS. In my case the pfSense resolver was unable to work on the backup WAN. The solution should be to activate default gateway switching OR to set the DNS resolver to forwarding mode.
        That's because you set policy routing for the LAN, but pfSense itself does not follow the LAN rules.
        How-tos are not so clear because there's a mix of older and newer approaches to multi-WAN.

          MaddoScientisto:

          @Fabio72:

          For the first problem, check DNS. In my case the pfSense resolver was unable to work on the backup WAN. The solution should be to activate default gateway switching OR to set the DNS resolver to forwarding mode.
          That's because you set policy routing for the LAN, but pfSense itself does not follow the LAN rules.
          How-tos are not so clear because there's a mix of older and newer approaches to multi-WAN.

          Thanks, that actually solved the first problem; now the second problem still remains.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.