pfSense behind pfSense: only first ping coming through

  • I have a setup with 2 pfSense boxes. The second one is behind the first one. It is a failover thing where the failover is not automatic.
    The problem is that the second pfSense (the inner one) does not have working Internet access, e.g. the update check does not work.
    What I have done diagnostic-wise was to check the gateways and firewall rules. Nothing suspicious there.
    What I have seen though is that only 1 ping goes out.
    So if I ping the local IP of the 1st pfSense, all pings go through.
    If I ping, the first ping works fine; for all the other ones, I do not get a response.
    I don't know where to continue the search from here. I don't even know how to search on the first pfSense for any incoming data from the 2nd one; looking at all traffic, I don't even know where to get started.
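    Added example (not from the thread): for the question of how to look at the inner box's traffic on the outer pfSense, a small sh/awk filter that pairs ICMP echo requests with their replies by destination, id and seq, so the "only the first ping is answered" pattern shows up directly in a capture. The interface name, addresses and capture lines are constructed placeholders.

    ```shell
    #!/bin/sh
    # On the outer pfSense you would feed it a live capture of the inner box's
    # traffic, e.g. (placeholders):
    #   tcpdump -ni em0 -l icmp and host 192.0.2.2 | unanswered_pings

    # Reads tcpdump -n ICMP lines on stdin, prints one line per echo request
    # that never got a matching reply, then a one-line summary.
    unanswered_pings() {
        awk '
        # tcpdump -n line shape assumed here:
        # 12:00:01.000000 IP 192.0.2.2 > 203.0.113.1: ICMP echo request, id 7, seq 1, length 64
        /ICMP echo request/ {
            dst = $5; sub(/:$/, "", dst)
            match($0, /id [0-9]+, seq [0-9]+/)
            key = dst " " substr($0, RSTART, RLENGTH)
            req[key] = $0; order[++n] = key; next
        }
        /ICMP echo reply/ {
            match($0, /id [0-9]+, seq [0-9]+/)
            key = $3 " " substr($0, RSTART, RLENGTH)   # reply comes from the target
            delete req[key]
        }
        END {
            lost = 0
            for (i = 1; i <= n; i++)
                if (order[i] in req) { print "no reply: " req[order[i]]; lost++ }
            print "requests=" n + 0 " unanswered=" lost
        }'
    }

    # Constructed sample capture reproducing the symptom: three pings to an
    # outside host of which only the first is answered, plus one ping to the
    # outer box itself, which is answered.
    SAMPLE='12:00:01.000000 IP 192.0.2.2 > 203.0.113.1: ICMP echo request, id 7, seq 1, length 64
    12:00:01.010000 IP 203.0.113.1 > 192.0.2.2: ICMP echo reply, id 7, seq 1, length 64
    12:00:02.000000 IP 192.0.2.2 > 203.0.113.1: ICMP echo request, id 7, seq 2, length 64
    12:00:03.000000 IP 192.0.2.2 > 203.0.113.1: ICMP echo request, id 7, seq 3, length 64
    12:00:04.000000 IP 192.0.2.2 > 192.0.2.1: ICMP echo request, id 8, seq 1, length 64
    12:00:04.001000 IP 192.0.2.1 > 192.0.2.2: ICMP echo reply, id 8, seq 1, length 64'

    # Helper that returns just the unanswered count for the sample above.
    count_unanswered() {
        printf '%s\n' "$SAMPLE" | unanswered_pings | awk -F'unanswered=' '/^requests=/ { print $2 }'
    }
    ```

    A request listed as "no reply" that never appears on the outer box's WAN side narrows the problem to the outer pfSense, while one that leaves the WAN but gets no answer points further out.
    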

  • ????

    That's not failover. If either one fails, you're down. Failover means that when one fails, the other can take over. That can't happen with your configuration.

  • @jknott It has direct WAN access too. But that needs to be manually enabled, since it is established via PPPoE. There is also an internal CARP IP. That is the failover part.
    For normal operation though, it uses the other pfSense as its default gateway. That is the part that is not working.

