Gateway is down



  • Hi

    I got a new HyperV host, finally!  ::)

    ---WHAT IS WORKING---
    Without Pfsense and a manual route on my VMs+host, I can reach a private subnet0 in a second host HyperV, where a Pfsense1 VM routes correctly to that subnet.
    With a Pfsense2 VM in the new HyperV still I can reach the subnet0, when I put the Wan interface with Pfsense1 as gateway, but cannot reach Internet.

    ---THEN---
    I put the Pfsense2 Wan interface with gateway to the provider's router, in order to have Internet working.
    I added
    -the Pfsense1 gateway + static route to the subnet0 on top priority.
    -rules allowing traffic outbound from LANs in both Pfsenses (...I am not sure about NAT here...) and inbound on the interfaces connected to the router's LAN (pfsense wan gateways).
    -tried setting the gateway to Pfsense1 as default.

    Result?
    I see the Pfsense1 gateway to Pfsense2 down. And vice versa.
    My clients go directly through the provider's router (pathping, tracert).

    I would like:
    -either pass all traffic to Pfsense1
    -or route all traffic for the subnet0 through Pfsense1, and all the rest through the provider's router.

    I know it is difficult to read, I don't read much myself... Thanks for your time.
    Andrea



  • I notice that if a client in Subnet0 does not have a gateway in its nic config, tracert from a router's client, physical or virtual, shows the traffic leaving directly through the provider's router, without ever touching Pfsense1.

    Wan---Pfsense1 wan-------------
    |                                              ____VM Subnet0
    |                                              |
    Router----Pfsense1 backup wan---
    |  \     
    |  \      laptop
    |    \ 
    |      \Opnsense Wan
    |
    |
    Pfsense2
    |
    VMs Subnet1

    dpinger sendto error: 64
    dpinger sendto error: 55



  • Nat, Vlans, no Pfsense2?  8)  :-[ :-\



  • The gateway came up adding a super gentle firewall rule, but I still cannot control the flow to either the VM subnet, or the Internet.



  • It seems I had the 2nd Wan interface set with the gateway, which is quite normal for a Wan interface, but not if another Wan has already set a default gateway.

    https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

    Still, there are issues… :(

    Sometimes something works for a while, then maybe a states refresh happens and I get inconsistent results.



  • Is it all on the same single host?



    I just got a 2nd HyperV and a Dlink Gigabit router with a public fixed IP.
    A second public fixed IP connection is on Pfsense1.

    I have now 2/3 Pfsenses and 1 Opnsense all VMs with an External interface on the Lan of the Dlink.

    If I try to check the system logs I see no traffic logged, so I started to presume this is happening at switch level. This document speaks about Unfilterable Traffic:
    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

    This isn't possible if both clients are on the same subnet and switch; In that case, the routing of packets is handled at the switch level, and pfSense has no knowledge of the traffic.

    I believe the behavior of HyperV virtual switch is in question. Indeed I had issues with QoS as well.

    https://social.technet.microsoft.com/Forums/en-US/451f97e6-6601-4e2b-8377-01b8869b906c/internal-nic-no-more-than-fastethernet-speed?forum=win10itprovirt



    I think I am trying to do something non-logical.

    Can somebody give me advice on how to have intercommunication between 2 VM subnets in 2 different hosts, both connected to the same switch (router)?

    CARP, VPN?

    I cannot do much modification on the Dlink switch(router).



  • For egas_tt only

    It was a design issue. Basically 2 interface DGs cannot be set to point at each other. 1 of the 2 needs to have no if-dg.

    OSPF helps avoid creating default routes.

    Wonderful Pfsense ! :o 8) ::)