Gateway "automatic" setting



  • So long story short.. My ISP had an outage they did not admit (found out the whole area was down but was told otherwise), causing me to try and fix it locally..

    I rebuilt my WAN interface config yesterday morning and could never get my primary box back up. The test box works fine however and I was able to reach my primary remotely as they are both on the same ISP gateway. Incoming VPNs also worked fine if I recall right..

    Under System/Routing/Gateways the setting "Default gateway IPv4" defaults to automatic. (At least it did for me here) Set to automatic, my ISP gateway was unreachable from every LAN subnet that I have on this box here. (5 of them) DPinger showed the gateway as up.. but I could not reach anything outside of the WAN subnet. I had to change this to the next option, WAN_DHCP, before things went back to normal..

    I only have one WAN and IPv6 is not being used.. i.e. one gateway on the system... Bug?


  • Netgate Administrator

    There are a number of tickets that were opened against that feature in 2.4.4. I believe most have been resolved in 2.4.5 snapshots. If you have a setup known to hit an issue and can test 2.4.5 that would be great.

    https://redmine.pfsense.org/issues/8910

    Steve



  • Thanks Stephen!

    I'm leaving the primary where it is for now but I have an old Watchguard XCS box that I use as my test box and for right now our internet access till I switch things back tonight.

    I bet I can recreate it on this box later.

    My email server is now getting hammered as all the backed up emails are coming in..


  • Netgate Administrator

    As I say if you can test that would be good. If it is not fixed for your case then we need to know to get a fix into the next patch release.

    Steve



  • I've been wondering exactly how this feature works and there is no documentation on it. Does anyone know when to use the various different settings it provides and what they do?

    Does Automatic exclude Static routes? Should it be set the same for multi-wan and single WAN setups?


  • Netgate Administrator

    IMO it's better to always set it to something. If you use the 'Automatic' setting it may correctly choose the gateway but it may also change that at a subsequent boot should you add additional gateways. Probably not something you want.

    In 2.4.4+ you can set a failover group as the default gateway (note: not load-balancing!) which allows traffic from the firewall itself to take advantage of multiwan. That was not previously possible.

    Static routes should not be affected by that setting.

    Steve



  • I had it set to automatic and it set my default gateway to my internal router the other day. But I also had a failover group set up recently as the gateway and the FW wouldn't respond on its secondary WAN from the outside but it did work when set to automatic.

    I haven't figured out what works best yet.


  • Netgate Administrator

    Hmm, that's interesting. You had the default gateway set to a failover group and with that set you could not access the firewall on the backup WAN IP? Access the webgui? Coming from an external IP?

    Steve



  • Correct. I didn't troubleshoot much or check the routing table. Was in the middle of something and didn't want to digress. I'll probably be testing more in the next week or two.

