Netgate Discussion Forum

    Almost perfect multi WAN setup

    Routing and Multi WAN
    9 Posts 4 Posters 4.6k Views
    dekopolis

      I've looked on the forums and I've looked at several of the multi-WAN examples floating around, but I still can't figure this one out. All the numbers on this page are fictitious, but I kept them similar to make things as close to the original as possible.

      Everything seemed to work just fine, and then this…

      Here is the basic problem:

      When browsing the internet, website "subdomain.websiteinquestion.com" does not respond.
      Here are the facts:
      1. "subdomain.websiteinquestion.com" => 216.45.128.206
      2. "www.websiteinquestion.com" => 216.45.128.212
      3. pinging "subdomain.websiteinquestion.com" does not work from behind pf, but works fine from the pfsense diagnostic ping page.
      4. pinging "www.websiteinquestion.com" works just fine
      5. websiteinquestion.com's IP address is used by the same provider that provides the T1 (I know this because the owner of the site told me, and #6 pretty much confirms it.)
      6. a traceroute to "subdomain.websiteinquestion.com" from diagnostic page shows only 4 hops
      7. if i let traffic flow on default gateway, then issue goes away

      Extra Facts:
      1. In a previous attempt at this, I tried to use the DNS servers as the monitor ips for the failover pool. I use the first DNS for the cable side to monitor that connection and the first DNS from the T1 to monitor the WAN. The T1 monitor would fail sporadically. In other words, pinging the DNS would fail about half the time.
      2. Pinging the DNS of the T1 from behind the pf in the setup below behaves the same way.

      Here is my setup:

      Thanks!!!

    ktims

        What's a traceroute to the IP that's not working, from behind pfSense, look like? From what you've described, I don't think the problem is your pfSense.

    cmb

          What pfSense version?

    Perry

            3. pinging "subdomain.websiteinquestion.com" does not work from behind pf, but works fine from the pfsense diagnostic ping page.

            pfSense will use WAN while LAN uses WAN2.

            Tests I would perform:
            MTU check of WAN2 http://forum.pfsense.org/index.php/topic,13649.msg72930.html#msg72930
            Enable DNS forwarder and let it use opendns while the DNS server forwards to pfSense http://pfsense.comuf.com/multiwan.html

            /Perry
            doc.pfsense.org

    dekopolis

              Thanks for the response everyone!!!

              ktims:

              What's a traceroute to the IP that's not working, from behind pfSense, look like?

              Traceroute to IP I can't ping on WAN2:
              Traceroute to 216.45.128.206
              1     *        *        *     Request timed out.
              2     7 ms     6 ms     6 ms  ge-1-1-ur01.blah.blah.net [68.102.150.169]
              3     7 ms     6 ms     6 ms  te-9-1-ur02.blah.blah..net [68.102.148.102]
              4    10 ms    11 ms    12 ms  te-7-3-ar02.nblah.blah.net [68.102.148.225]
              5    13 ms    11 ms    14 ms  po-1-ar01.blah.blah..net [68.90.232.101]
              6    12 ms    14 ms    15 ms  te-0-3-0-1-cr01.blah.blah..net [68.102.90.133]
              7    27 ms    30 ms    29 ms  pos-1-8-0-0-cr01.blah.blah.t.net [68.102.85.17]
              8    28 ms    28 ms    28 ms  64.132.130.249
              9    49 ms    50 ms    48 ms  66.192.120.202
              10     *        *        *     Request timed out.
              11     *        *        *     Request timed out.
              12     *        *        *     Request timed out.
              13     *        *        *     Request timed out.
              14     *        *        *     Request timed out.
              …Eventually goes over maximum hops....

              Traceroute to IP I can ping on WAN2:
              Traceroute to 216.45.128.212
              1     *        *        *     Request timed out.
              2     8 ms     6 ms     6 ms  ge-1-1-ur01.blah.blah.net [68.102.150.169]
              3     8 ms     9 ms     6 ms  te-9-1-ur02.blah.blah..net [68.102.148.102]
              4    11 ms    11 ms    12 ms  te-7-3-ar02.nblah.blah.net [68.102.148.225]
              5    11 ms    11 ms    14 ms  po-1-ar01.blah.blah..net [68.90.232.101]
              6    12 ms    14 ms    15 ms  te-0-3-0-1-cr01.blah.blah..net [68.102.90.133]
              7    27 ms    30 ms    29 ms  pos-1-8-0-0-cr01.blah.blah.t.net [68.102.85.17]
              8    28 ms    28 ms    28 ms  64.132.130.249
              9    75 ms    50 ms    48 ms  66.192.120.202
              10    53 ms    52 ms    53 ms  216.45.128.212

              cmb:

              What pfSense version?

              This is pfSense ver. 1.2.2

              Perry:

              Tests I would perform:
              MTU check of WAN2 http://forum.pfsense.org/index.php/topic,13649.msg72930.html#msg72930

              I have checked the MTU on both WAN/WAN2 and 1472 worked, so I think MTU is ok. I also double checked the subnet masks assigned by the ISPs and they are correct.

              Enable DNS forwarder and let it use opendns while the DNS server forwards to pfSense http://pfsense.comuf.com/multiwan.html

              I enabled the DNS forwarder and put the OpenDNS servers on the general page. DHCP still gives out 192.168.0.2, but that DNS server now forwards to the pfSense box. I created two static routes just like the multi-WAN document in the link shows, but there is no change.

    Perry
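The two traces above are the useful evidence in this thread: the paths are identical hop for hop until the final router, and only the failing destination never answers. The script below is an added example (not code from the post or from pfSense) that parses tracert-style output and compares a working and a failing trace from the same LAN host, reporting the shared prefix, the hop where they part, and a coarse verdict on where to look next. The sample input is transcribed from the post above (the poster says the addresses are fictitious); the verdict labels and the heuristic behind them are my own, not anything the thread or pfSense defines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the two traces from the post above, transcribed as-is.
# The poster states that all addresses are fictitious.
GOOD_TRACE = """\
Traceroute to 216.45.128.212
1     *        *        *     Request timed out.
2     8 ms     6 ms     6 ms  ge-1-1-ur01.blah.blah.net [68.102.150.169]
3     8 ms     9 ms     6 ms  te-9-1-ur02.blah.blah..net [68.102.148.102]
4    11 ms    11 ms    12 ms  te-7-3-ar02.nblah.blah.net [68.102.148.225]
5    11 ms    11 ms    14 ms  po-1-ar01.blah.blah..net [68.90.232.101]
6    12 ms    14 ms    15 ms  te-0-3-0-1-cr01.blah.blah..net [68.102.90.133]
7    27 ms    30 ms    29 ms  pos-1-8-0-0-cr01.blah.blah.t.net [68.102.85.17]
8    28 ms    28 ms    28 ms  64.132.130.249
9    75 ms    50 ms    48 ms  66.192.120.202
10    53 ms    52 ms    53 ms  216.45.128.212
"""

BAD_TRACE = """\
Traceroute to 216.45.128.206
1     *        *        *     Request timed out.
2     7 ms     6 ms     6 ms  ge-1-1-ur01.blah.blah.net [68.102.150.169]
3     7 ms     6 ms     6 ms  te-9-1-ur02.blah.blah..net [68.102.148.102]
4    10 ms    11 ms    12 ms  te-7-3-ar02.nblah.blah.net [68.102.148.225]
5    13 ms    11 ms    14 ms  po-1-ar01.blah.blah..net [68.90.232.101]
6    12 ms    14 ms    15 ms  te-0-3-0-1-cr01.blah.blah..net [68.102.90.133]
7    27 ms    30 ms    29 ms  pos-1-8-0-0-cr01.blah.blah.t.net [68.102.85.17]
8    28 ms    28 ms    28 ms  64.132.130.249
9    49 ms    50 ms    48 ms  66.192.120.202
10     *        *        *     Request timed out.
11     *        *        *     Request timed out.
12     *        *        *     Request timed out.
13     *        *        *     Request timed out.
14     *        *        *     Request timed out.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<ttl>  <probe results>"
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # bare or [bracketed] address
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms\b")


@dataclass
class Hop:
    ttl: int
    ip: Optional[str]                   # None when every probe at this TTL timed out
    rtts_ms: List[float] = field(default_factory=list)


def parse_traceroute(text: str) -> List[Hop]:
    """Parse tracert-style output; header and free-text lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        ip = IPV4_RE.search(rest)
        hops.append(Hop(ttl, ip.group(1) if ip else None,
                        [float(r) for r in RTT_RE.findall(rest)]))
    return hops


def responding(hops: List[Hop]) -> List[Hop]:
    return [h for h in hops if h.ip is not None]


def compare_paths(good: List[Hop], bad: List[Hop]) -> dict:
    """Compare a working and a failing trace taken from the same host.

    Returns the length of the shared hop prefix, the TTL where the traces
    part, the last TTL that answered in the failing trace, and a verdict
    (my own heuristic labels) about where to look next.
    """
    shared = 0
    for g, b in zip(good, bad):
        if g.ip != b.ip:
            break
        shared += 1
    divergence_ttl = shared + 1 if shared < max(len(good), len(bad)) else None
    good_resp, bad_resp = responding(good), responding(bad)

    if not bad_resp:
        # Not even the first router answered: probes never left, or the local
        # firewall/NAT is dropping the replies. Check local routing and states.
        verdict = "no-replies-at-all"
    elif shared <= 1:
        # Paths split at the first responding hop: the failing probe left via a
        # different gateway (policy routing / load balancing chose another WAN).
        verdict = "diverges-at-first-hop"
    elif (shared == len(good) - 1 and len(good_resp) >= 2
          and bad_resp[-1].ip == good_resp[-2].ip):
        # Identical through the last transit router; only the destination hop
        # is missing, so the drop is at or immediately in front of the target.
        verdict = "drops-at-destination"
    else:
        verdict = "diverges-upstream"
    return {"shared_prefix": shared, "divergence_ttl": divergence_ttl,
            "last_responding_ttl": bad_resp[-1].ttl if bad_resp else None,
            "verdict": verdict}


def diagnose(good_text: str, bad_text: str) -> dict:
    return compare_paths(parse_traceroute(good_text), parse_traceroute(bad_text))


if __name__ == "__main__":
    print(diagnose(GOOD_TRACE, BAD_TRACE))
```

On the post's data this reports a shared prefix of 9 hops, divergence at TTL 10 and the verdict "drops-at-destination", which points away from the firewall and toward the target or something directly in front of it. Two caveats: the traces only prove what happens to ICMP/UDP probes, so a site that filters by source address may still answer TCP, and a comparison like this cannot tell a destination-side block from a last-hop routing problem. The conclusive check is the one Perry asks for next, testing from the affected WAN with the firewall out of the path.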

                Maybe Diagnostics -> Packet can give a hint on what's going on

                /Perry
                doc.pfsense.org

    dekopolis

                  Perry

                  Maybe Diagnostics -> Packet can give a hint on what's going on

                  I tried going under Diagnostics -> Packet Capture:
                  I captured on WAN2, filtered for 216.45.128.206, Packet length 1500, Full Detail.
                  During the capture I ran a ping to the IP…

                  All I get in the capture is the outgoing ECHO request, and I never see the reply.

                  How can I improve this? In other words, how can I see if PF receives the reply, and if it does, how can I see what it does with it?

                  Thanks!

    Perry

                    Can you connect to the site if you are directly connected to the cable modem?

                    /Perry
                    doc.pfsense.org

    dekopolis

                      Perry… After testing the line directly, it turns out that the owner of the site is blocking our public IP address. I've emailed the webmaster and so has our cable provider to let them know.

                      Thanks!!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.