FpSense loop
-
Hi all, I have an Alix with 3 nic.
All 3 nics are connected to the switch.WAN 192.168.2.250 (no gw)
WAN 1.2.3.4 (gw 1.2.3.5)
WAN2 7.8.9.10 (gw 7.8.9.11)System/Routing
Gateways
isp1 (gw 1.2.3.5) (monitor ip 8.8.8.8)
isp2 (gw 7.8.9.11) (monitor ip 208.67.222.220)
Gateway Groups
Group Name 'wangrp'
Tier1 isp1
Tier2 isp2
Trigger Level "Packet Loss or High latency"general / setup / DNS Server Settings
i set 2 dns servers for each gwFirewall/Rules/LAN
advanced/Gateway -> wangrpI don't know why, it generates a loop and the swithc goes crazy.
-
Make sure you are not using the same DNS servers for monitoring that you have in system, general setup.
e.g. If you are monitoring 8.8.8.8, use 8.8.4.4 for DNS if you are using 208.67.222.222 as a monitor, use 208.67.220.220 for DNS.
Not sure if 208.67.222.220 is valid… -
Thank you for your reply.
Could you please explain why using the same dns as system dns and monitoring dns may cause a loop?
(If I understand it, I'll have more canches to remember it). :)
Thank you. -
Setting a particular address for a monitor causes the system to static route it through a particular gateway. Setting one of the system DNS servers to a particular gateway also causes the system to static route it. If you are not careful, you can cause the monitor to flap between two gateways. From your description, it sounds possible you have encountered this problem.
-
Today at about 10am, I got the same problem again.
It doesn't seem to be related to multi wan anymore because I tried to remove the gateway group and firewall rule.
I had to unplug bot wan cable from my firewall.
As soon ad I insterted back just one of the two, it started looping.
Also rebooting pfsense didn't help.
Once removed the wan cable, the loop stops.
I have no idea of what's going on.
(I also checked dns / monitor ip configuration as suggested). -
Hi all, I have an Alix with 3 nic.
All 3 nics are connected to the switch.Be sure each of the 3 switch ports got its own VLAN and, if the switch is a Cisco, be sure the two Internet links are from different ISPs.
WAN 192.168.2.250 (no gw)
WAN 1.2.3.4 (gw 1.2.3.5)
WAN2 7.8.9.10 (gw 7.8.9.11)
…
I don't know why, it generates a loop and the swithc goes crazy.Be sure the 192.168.2.250 interface is LAN, not WAN.
-
Thank you for the reply.
Be sure each of the 3 switch ports got its own VLAN and, if the switch is a Cisco, be sure the two Internet links are from different ISPs.
The switch is a TP-lInk TL-SG2424.
nic 1 belongs to multiple vlan
nic 2 and nic 3 are both on vlan 1 (no vlan).
Notice that pfSense has been working for more than a week and till 10:00 am this morning.
It loop even with a single wan connected. -
..
Be sure each of the 3 switch ports got its own VLAN and, if the switch is a Cisco, be sure the two Internet links are from different ISPs.
…
nic 1 belongs to multiple vlan
nic 2 and nic 3 are both on vlan 1 (no vlan).You didn't state what NIC1, NIC2 and NIC3 are, so I assume NIC 1 is LAN, NIC 2 and NIC 3 are WAN and OPT1.
As NIC1 belongs to multiple VLANs and you didn't state what VLAN is the LAN interface on, I assume it is on the untagged (i.e. native) VLAN which, as it follows from your second statement, is most likely VLAN 1.
So, all the three interfaces are on the same network (VLAN 1), which is probably not your intention. Interfaces should normally belong to separate networks.
Notice that pfSense has been working for more than a week and till 10:00 am this morning.
It loop even with a single wan connected.It worked, but not as you want. Right?
-
All 3 nics are connected to the switch.
Ok, missed that detail. What possible reason would you have to connect your WAN interfaces to the switch? They should connect to the provider equipment directly. If you need to use the switch due to lack of ports, the wan interfaces need to be on separate vlans, as dusan mentioned.
-
Provider equipment may reside on different switches. Probably different rooms, floors or buildings.
