When Default gateway is set to Failover, forwards stop working after a reboot... before they work fine.



  • Yesterday I had a dual-WAN pfSense that didn't "NAT" after it recovered from a power surge.
    I was still able to access the pfSense on its WebIF and through SSH. Those 2 also depend on port-forwards, but like I said already, those kept working.
    It's running version 2.4.4 and I make use of the new feature where you can choose a "gateway group" as a default gateway.

    On this router I have only 1 gateway group and it is configured like this:

    Failover
    WAN Tier 1
    VDSL Connection Tier 2
    Member down as trigger

    In "Gateways" I have set the IPv4 gateway as "Failover"

    I have many NAT rules, but I give these 2 as examples:
    NAT
    WAN TCP * * WAN address 443 (HTTPS) 192.168.16.2 443 (HTTPS)
    WAN TCP * * WAN address 22 (SSH) 127.0.0.1 22 (SSH)

    I made the mistake of not rebooting the router after I made these changes, so its incorrect behaviour only got exposed after that power surge. I also knew for certain that no configuration changes were made before the power surge as I make hourly back-ups (identical ones are purged).

    When I changed the default gateway to "WAN" all port forwards started working again.
    If I change the default gateway back to "Failover" everything continues to work, but it will stop working after a restart.
    I now changed default gateway to "Automatic".

    My question now is...
    Am I making a mistake somewhere by expecting good behaviour after selecting "Failover" as the default gateway or should pfSense work when it is set to "Failover"?

    I can of course give much more information.



  • I'm having the same issue. Except I cannot access any external sites after a reboot also. Changing the default to something else and then back to the gateway group fixes all flow issues.

    The other option I see is setting the gateway group under LAN rules and setting the routing default gateway to automatic. This breaks "static routes", so additional rules would need to be made for a few static routes I need.

    I experienced this issue under the RC and now with a fresh install of 2.4.4-RELEASE-p1.