I can not ping outside



  • Hello I have installed pfSense 1.2 with setup:

    WAN -> 1.2.3.4 (This is not a real IP.) (connected to ADSL)
    LAN -> 10.0.1.1 (LAN)
    OPT1 -> 11.22.33.44 (This is not a real IP.) (connected to a route to internet)
    two static routes are for WAN and OPT1's DNS IPs correspondingly.

    I have only setup for failover: using WAN if WAN fails, then use OPT1.

    My problem is: I can not ping outside by Diagnostics =>  Ping with interface OPT1, but by using interface OPT1, I can ping OPT1's DNS, OPT1's gateway.  After switching WAN's IP/network and OPT1's IP/network, I still can not ping outside by using OPT1 interface.

    I have worked on this for a while, but haven't fixed it. Can anyone give me any suggestions? Thanks.



  • Notice in the diagnostics ping page where it says :

    "Note:  Multi-wan is not supported from this utility currently. "

    They actually meant that.  Also, stop using 1.2-release, upgrade to 1.2.2-release or the 1.2.3 snapshots.



  • Thanks submicron. Do you mean I must use higher version?

    When I pinged it, it was before I set up multi-wan. Of course it is still not working after setting up multi-wan failover.



  • I have upgraded to 1.2.2, but the same problem: OPT1 cannot ping outside except DNS and intranet. Are there any special settings needed for OPT1? Because OPT1 cannot ping outside, I cannot set up a failover multiple connection.

    I very much hope for any suggestions.

    Thanks.

    @submicron:

    Notice in the diagnostics ping page where it says :

    "Note:  Multi-wan is not supported from this utility currently. "

    They actually meant that.   Also, stop using 1.2-release, upgrade to 1.2.2-release or the 1.2.3 snapshots.



  • multiWAN refers to having multiple WANs.
    Not actually loadbalancing.

    You simply cannot ping out an additional interface.
    pfSense uses its routing table for everything running on it.
    If you ping to something on the internet the routing table points to the default gateway which is the primary WAN gateway.

    If you really want to send a ping out a different interface you need to create a static route for the IP you want to ping pointing to the gateway of the OPT interface.



  • Thanks GruensFroeschli. We have real multiple WAN connections (WAN and OPT1 are real WAN connections. They can connect to the internet when not using pfSense, or when set as WAN in pfSense. They only fail to work when set as OPT1.)

    After I set a failover pool and let LAN use this pool (I followed exactly the pfsense documents then tried different variants), failover doesn't work, only use WAN. The attached is a picture for routes after I setup. It seems there is no route to OPT1 for any packages if WAN fails.

    Any suggestions, experiences and hints are welcome. Thanks very much.




  • If you Diagnostics -> Traceroute to your static routed ip's
    Do they then use the right wan?



  • @Perry:

    If you Diagnostics -> Traceroute to your static routed ip's
    Do they then use the right wan?

    Yes. They use the right WAN. It seems my problem is that pfSense doesn't set OPT1 as my secondary route to outside. Here is my traceroute output:

    traceroute 207.***.98.226

    traceroute to 207.54.98.226 (207.***.98.226), 64 hops max, 40 byte packets
    1  172.19.11.62 (172.19.11.62)  10.148 ms  9.110 ms  8.924 ms
    2  172.19.11.62 (172.19.11.62)  9.026 ms  9.086 ms  8.936 ms
    3  10.64.184.21 (10.64.184.21)  10.009 ms  10.066 ms  9.939 ms
    4  10.64.176.2 (10.64.176.2)  11.918 ms  10.925 ms  9.976 ms
    5  10.64.8.217 (10.64.8.217)  15.968 ms  16.871 ms  16.967 ms
    6  static-68-179-0-89.ptr.terago.net (68.179.0.89)  18.007 ms  17.611 ms  16.920 ms
    7  calsl05.terago.ca (207.***.98.226)  20.258 ms  18.855 ms  16.593 ms

    traceroute 216.***.192.3

    traceroute to 216.***.192.3 (216.***.192.3), 64 hops max, 40 byte packets
    1  10.129.22.1 (10.129.22.1)  31.740 ms  31.867 ms  31.972 ms
    2  core1.edge2.vwc.uniserve.ca (216.113.192.211)  33.975 ms  33.873 ms  31.995 ms
    3  ns1.uniserve.com (216.***.192.3)  31.968 ms  33.903 ms  43.984 ms



  • @caigeliu:

    After I set a failover pool and let LAN use this pool (I followed exactly the pfsense documents then tried different variants), failover doesn't work, only use WAN. The attached is a picture for routes after I setup. It seems there is no route to OPT1 for any packages if WAN fails.

    Any suggestions, experiences and hints are welcome. Thanks very much.

    This is the expected behaviour.
    pfSense itself cannot make use of the failover.



  • @GruensFroeschli:

    This is the expected behaviour.
    pfSense itself cannot make use of the failover.

    Thanks GruensFroeschli. I read the pfSense docs and followed them. So you think what I set results in no multi-wan failover. Then if I would like to set up a multi-wan failover in pfSense, what should I do? Thanks.



  • If you want failover for packages the package itself has to support some sort of failover.
    You then can create a static route for the failover configuration of the package.

    ie:
    If you use the FreeRADIUS authentication of the captive portal you can specify a fallback IP for the FreeRADIUS server.
    (In case the primary IP is not reachable it will fall back to the secondary entry).
    --> Create a static route for this fallback IP to the second WAN gateway.



  • @GruensFroeschli:

    If you want failover for packages the package itself has to support some sort of failover.
    You then can create a static route for the failover configuration of the package.

    ie:
    If you use the FreeRADIUS authentication of the captive portal you can specify a fallback IP for the FreeRADIUS server.
    (In case the primary IP is not reachable it will fall back to the secondary entry).
    --> Create a static route for this fallback IP to the second WAN gateway.

    You made me confused. I followed the doc at http://doc.pfsense.org/index.php/MultiWanVersion1.2, which describes setting up a failover as just a piece of cake. Now you told me here I missed something important. Would you please describe it more specifically: in my case what should I do? How do I make my packages failover-enabled? Or can you recommend me a doc which describes a complete setup of failover with pfSense? Thanks.



  • The failover and loadbalancing pools are used within firewall rules.
    When traffic arrives from the LAN and gets handled by the firewall rule(s) the traffic gets passed over to the balancing/failover pool specified in the firewall rule.
    The traffic then gets balanced/failovered according to the specified pool.

    Traffic from the pfSense itself never arrives from any interface.
    --> Traffic never goes through any firewall-rules.
    --> Traffic doesn't get handled by the failover/balancing pool.
    --> --> Traffic originating from the pfSense itself cannot make use of the failover/balancing feature.
    Packages are on the pfSense itself and thus cannot make use of the failover/balancing feature.

    The package itself has to have some sort of failover to work.

    Alternatively you can have 2 pfSense behind each other.
    One for the balancing and one for the services.

    You made me confused. I followed the doc at http://doc.pfsense.org/index.php/MultiWanVersion1.2, which describes setting up a failover as just a piece of cake. Now you told me here I missed something important. Would you please describe it more specifically: in my case what should I do? How do I make my packages failover-enabled? Or can you recommend me a doc which describes a complete setup of failover with pfSense? Thanks.

    This document describes how you setup failover/loadbalancing for the clients behind pfSense, not pfSense itself.
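
A simplified model of the distinction explained in the post above, added here as an illustration; it is not part of the thread and not pfSense code. The gateway and target addresses are constructed documentation-range values, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
WAN_GW = "192.0.2.1"       # gateway of the primary WAN
OPT1_GW = "198.51.100.1"   # gateway of the second WAN (OPT1)
TARGET = "203.0.113.10"    # some host on the internet

def make_table(static_routes=()):
    """System routing table: default route via WAN plus optional static routes."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), WAN_GW)]
    table += [(ipaddress.ip_network(net), gw) for net, gw in static_routes]
    return table

def from_firewall(table, dst):
    """Traffic originating on the firewall itself (Diagnostics -> Ping,
    packages): routing table only, longest prefix wins. Gateway health and
    failover pools are never consulted on this path."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def from_lan(pool, gateway_up):
    """Traffic arriving on LAN: the matching firewall rule hands it to the
    failover pool, which uses the first member currently marked up."""
    for gw in pool:
        if gateway_up.get(gw, False):
            return gw
    return None  # every pool member is down

if __name__ == "__main__":
    pool = [WAN_GW, OPT1_GW]            # failover order: WAN, then OPT1
    wan_down = {WAN_GW: False, OPT1_GW: True}
    plain = make_table()
    pinned = make_table([(TARGET + "/32", OPT1_GW)])
    print("firewall, no static route :", from_firewall(plain, TARGET))
    print("firewall, static route    :", from_firewall(pinned, TARGET))
    print("LAN client, WAN down      :", from_lan(pool, wan_down))
```

When verifying a failover setup, the test traffic therefore has to come from a LAN client; a ping from the firewall only exercises the routing table.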



  • @GruensFroeschli:

    The failover and loadbalancing pools are used within firewall rules.
    When traffic arrives from the LAN and gets handled by the firewall rule(s) the traffic gets passed over to the balancing/failover pool specified in the firewall rule.
    The traffic then gets balanced/failovered according to the specified pool.

    Thanks very much, GruensFroeschli. I understand now. I had tried to test failover on the pfSense host, which is not correct. My failover setting is OK, but my way of testing was wrong. Now I have tested it from one of the LAN computers, and it works well.

    Thanks again.

