NAT stops working in Multi WAN when Primary WAN goes down
-
Rules attached; I have not customized any Advanced settings, all are defaults.
Thanks!
![NAT rules.png](/public/imported_attachments/1/NAT rules.png)
![WAN Rules.png](/public/imported_attachments/1/WAN Rules.png)
![WAN2 Rules.png](/public/imported_attachments/1/WAN2 Rules.png) -
That looks fine. Those will be completely independent of each other.
How are you testing? From inside or outside?
-
From outside, using an Amazon server!
-
But HOW are you testing? To an FQDN? To an IP address? Using curl? What?
Describe exactly what you are doing.
When you are testing, look at the states. What do you see?
-
I'm testing to the WAN2 IP address, using the browser and hitting the default port 80. Below is the state when WAN is offline:
```
WAN2 tcp <amazon server ip>:50663 -> 192.168.0.54:80 (<wan2 ip address>:80) CLOSED:SYN_SENT 3 / 0 152 B / 0 B
LAN tcp <amazon server ip>:50663 -> 192.168.0.54:80 ESTABLISHED:SYN_SENT 4 / 1 232 B / 52 B
```
When WAN is online:
```
WAN2 tcp <amazon server ip>:50666 -> 192.168.0.54:80 (<wan2 ip address>:80) TIME_WAIT:TIME_WAIT 6 / 5 521 B / 650 B
LAN tcp <amazon server ip>:50666 -> 192.168.0.54:80 TIME_WAIT:TIME_WAIT 6 / 5 521 B / 650 B
```
-
When WAN is online, a refresh:
```
WAN2 tcp <amazon server ip>:50668 -> 192.168.0.54:80 (<wan2 ip address>:80) ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
LAN tcp <amazon server ip>:50668 -> 192.168.0.54:80 ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
```
-
I'm also monitoring the logs on the HTTP server. I see a proper request when the WAN interface is online, but no entries whenever the WAN interface is down.
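As an added example (not code from this thread or from pfSense), a small Python script that parses state-table lines like the ones pasted above and flags a port forward whose reply from the LAN host never leaves the WAN interface that received the SYN, which is the asymmetric-return symptom visible in the "WAN is offline" states. The addresses are constructed documentation-range placeholders standing in for the Amazon host and the WAN2 address.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of pfSense Diagnostics > States lines, modelled on the
# thread: 203.0.113.10 stands in for the Amazon test host, 198.51.100.2 for
# the WAN2 address (both documentation ranges, not real hosts).
STATES_WAN_DOWN = """\
WAN2 tcp 203.0.113.10:50663 -> 192.168.0.54:80 (198.51.100.2:80) CLOSED:SYN_SENT 3 / 0 152 B / 0 B
LAN tcp 203.0.113.10:50663 -> 192.168.0.54:80 ESTABLISHED:SYN_SENT 4 / 1 232 B / 52 B
"""
STATES_WAN_UP = """\
WAN2 tcp 203.0.113.10:50668 -> 192.168.0.54:80 (198.51.100.2:80) ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
LAN tcp 203.0.113.10:50668 -> 192.168.0.54:80 ESTABLISHED:ESTABLISHED 4 / 3 441 B / 570 B
"""

# iface proto src -> dst [(nat target)] STATE pkts_in / pkts_out bytes_in B / bytes_out B
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+\((?P<nat>[^)]+)\))?\s+(?P<state>\S+)\s+"
    r"(?P<pk_in>\d+)\s*/\s*(?P<pk_out>\d+)\s+(?P<b_in>\d+)\s*B\s*/\s*(?P<b_out>\d+)\s*B$"
)

@dataclass
class State:
    iface: str; proto: str; src: str; dst: str; nat: Optional[str]; state: str
    pk_in: int; pk_out: int; b_in: int; b_out: int

def parse_states(text: str) -> List[State]:
    """Parse state-table lines; lines that do not match the format are skipped."""
    out = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("pk_in", "pk_out", "b_in", "b_out"):
                d[k] = int(d[k])
            out.append(State(**d))
    return out

def find_stuck_forwards(text: str) -> List[Tuple[str, str, str]]:
    """Pair the WAN-side state (carries the NAT target in parentheses) with the
    LAN-side state of the same flow; flag flows where the server answered on
    LAN but nothing ever went back out the receiving WAN interface."""
    states = parse_states(text)
    wan_side = {(s.src, s.dst): s for s in states if s.nat}
    lan_side = {(s.src, s.dst): s for s in states if not s.nat}
    issues = []
    for key, w in wan_side.items():
        l = lan_side.get(key)
        if l and l.pk_out > 0 and w.pk_out == 0:
            issues.append((w.src, w.dst,
                           f"reply seen on {l.iface} but 0 packets out via {w.iface}: asymmetric return path"))
    return issues
```

A non-empty result with the WAN-offline states and an empty one with the WAN-online states reproduces the thread's diagnosis: the forward works, the return path does not.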
-
Is there something else required on the server that might not be working when WAN is offline, like DNS resolution?
You can plainly see that the port forward is working and traffic coming back from the server isn't being received.
Packet capture both tests on the LAN interface and see what's really happening there.
-
Attaching a snip of the capture for when the request fails. The only thing that changes during this is the WAN interface being offline.
[WAN Down.txt](/public/imported_attachments/1/WAN Down.txt)
-
Strangely, I'm also able to recreate this issue on another box with the latest version of pfSense. I made the WAN2 the WAN on the new box, and the NAT stopped working for the new WAN2 on the new box as soon as the WAN interface went down.
-
Another observation: if I set the WAN2 network as the default gateway, the NAT works properly even though the WAN interface is offline.
-
The issue has been resolved. Based on my last observation, I went ahead and enabled the setting "Default gateway switching".
Now, in spite of the WAN interface going offline, the NAT works.