Solved: Inbound Multiwan Routing Problem

Crysion · Jul 1, 2019, 2:27 PM

Hi guys,
I have a multiwan routing problem on my PFSense. I have 2 external Internet lines, with two public IP addresses. Both are combined into one gateway group. However, only one of the two public IP addresses is accessible from the outside. In the PFSense documentation, it was written: "On current versions of pfSense, from the perspective of traffic coming in to services on pfSense from the Internet, connections will return through the WAN which they entered. "That doesn't work for me.
SSH listens on all IP addresses and is also unlocked from anywhere on the firewall. If I now connect to the non default gateway ip address via port 22, my connection will be answered via the IP address of the default gateway.
Can anyone help me?

JeGr · Jun 28, 2019, 1:38 PM

@Crysion said in Inbound Multiwan Routing Problem:

SSH listens on all IP addresses and is also unlocked from anywhere on the firewall. If I now connect to the non default gateway ip address via port 22, my connection will be answered via the IP address of the default gateway.

That's not default behavior. You are right, SSH listens on all interfaces and if you allow SSH on the selected interfaces (I assume WAN1 and WAN2) then you should be able to access it. Are your WAN interfaces setup correctly? Do both have their gateways? Even if you have a failover or loadbalance gateway group as default, packages coming in the 2nd WAN will be answered by that IF/GW as long as nothing has been misconfigured or forgotten.

Regards

Crysion · Jun 28, 2019, 2:30 PM

@JeGr Thanks for your reply!!
I would say, that both gateways are correct configured.
Both interfaces are enabled.
Both have a static ip-address and a ipv4 upstream gateway.
For both "Block bogon networks" is active.
Nothing else is configured for the wan network devices!

JeGr · Jun 28, 2019, 2:49 PM

@Crysion said in Inbound Multiwan Routing Problem:

Nothing else is configured for the wan network devices!

What about the rules on WAN/WAN2?

Crysion · Jun 28, 2019, 2:51 PM

They're both configured in a interface-group. Firewall rules are just configured for this group, not for a single Device.

JeGr · Jul 1, 2019, 2:13 PM

Then please try and add a SSH rule for either interface, not to the group you created. I doubt that those group rules add the necessary reply-to keywords to the pf rules

Crysion · Jul 1, 2019, 2:22 PM

@JeGr That is absolutely correct. Thank you very mutch for your help!!!!

JeGr · Jul 1, 2019, 2:48 PM

You're welcome :)