Multiple Gateways on same subnet
-
I re-did all my steps, installing a new pfSense instance, adding a WAN interface with static IP and gateway (10.1.0.1), did a traceroute, all traffic was being routed through the pfSense box :
Added a second gateway under System > Routing :
Modified the default firewall rule to route all traffic through second gateway :
Redid a traceroute :
Everything just breaks apart, NAT stops working, pfSense starts acting sort of like a switch, even when my LAN IP is stil 192.168.1.2/24.Please help
-
@dr_tech said in Multiple Gateways on same subnet:
Oh yes, didn't notice that.
this is not entirely the case...
only ICMP question, listen....
-
@dr_tech said in Multiple Gateways on same subnet:
Everything just breaks apart, NAT stops working, pfSense starts acting sort of like a switch,
there may be serious configuration deficiencies ...
I suggest you try to install only one WAN interface firstand let us see that this behaves, because basically this is a dual-NAT configuration
-
@DaddyGo said in Multiple Gateways on same subnet:
I suggest you try to install only one WAN interface first
I did that, and until that point it works fine. (Pleas refer to my previous post)
As soon as I add the second gateway, and set up the firewall rules to divert traffic through the second gateway, I stop seeing the first hop as the IP of pfSense.
@dr_tech said in Multiple Gateways on same subnet:
all traffic was being routed through the pfSense box :
(Only the first gateway - 10.1.0.1 Campus Network Installed)
-
@dr_tech said in Multiple Gateways on same subnet:
Pleas refer to my previous post
try something please do this:
-
@DaddyGo said in Multiple Gateways on same subnet:
try something please do this:
I have already set it as automatic, the moment I added a second gateway.
-
-
@DaddyGo said in Multiple Gateways on same subnet:
do you want to say / 24
No, I meant that the subnet for my LAN is 255.255.0.0, not the default /24 block. But regardless, even if I try the 24 block, I face the same issue.
-
Ohhh...OK
if you think,..... I have a couple of lab pfSense units, I'll try to model your problem tomorrow...
we have saturday night at 9pm and my wife is waiting with a bottle of wine...is this right for you?
btw:
what is a brief description of your hardware? -
@DaddyGo said in Multiple Gateways on same subnet:
we have saturday night at 9pm
Sure, Have a nice weekend !!
My hardware :
Router 1 (College Router) : Asus RT-AC53 (10.1.0.1)
Router 2 (ISP Router): TP-Link Archer C1200 (10.1.0.2)pfSense: Running on VMWare ESXi (with an Intel i350-T4 passed through)
Port 1 : Input from Asus RT-AC53
Port 2 : Connected to a Switch (pfSense LAN 192.168.1.0/24) -
@dr_tech Where is your connection from pfSense to the ISP router?
-
This post is deleted! -
@kkrazyken
Router 1 and Router 2 are connected to each other (DHCP turned off on router 2). This was so that I could just switch the gateway address on my phone/laptop to access blocked websites quickly, without changing the network.That is the reason why Router 1 is at 10.1.0.1/16 and Router 2 at 10.1.0.2/16.
-
@dr_tech I see, two Gateways on the same WAN interface. On the WAN interface page, what is the GW set to there? Does changing it make a difference?
-
As @johnpoz likes to say, that setup is bonkers ;)
Yes you can use multiple gateways on a single WAN that's right, but it makes things complicated, as PF rules are setup to e.g. reply on the interface. But reply-to whom? The GW that is set up with the WAN IF is used primarily for many thing. If that's not the wanted you have to get those two Gateways to separate interfaces and add a second WAN interface to properly use MultiWAN the right way. Why are both gateways in the same subnet anyways? Is that necessary for anyone?
I'd change the IP of the second WAN (the ISP one) and set it up as an additional WAN(2). That way all routing and forwarding functionality can work the right way right from the start including Gateway Groups or port forwardings that otherwise are hard to make work.
-
not bonkers - borked ;) hehhe
https://www.urbandictionary.com/define.php?term=borked
I'd change the IP of the second WAN (the ISP one) and set it up as an additional WAN(2).
This is the correct answer... But doesn't explain why the pfsense lan drops out of the the trace.. So clearly there is info from this puzzle that is missing.
-
So putting the gateways on separate subnets (hence IF) did in fact solve my issue, as reported here : https://forum.netgate.com/topic/156788/possible-to-select-gateway-based-on-url?_=1600096323225
@JeGr said in Multiple Gateways on same subnet:
But reply-to whom
Maybe the mystery lies here in.
-
@dr_tech said in Multiple Gateways on same subnet:
So putting the gateways on separate subnets (hence IF) did in fact solve my issue, as reported here
You are opening another can of worms with incorrect subnet boundaries. Why not simply reconfigure those routers, too and why do they even have to talk to each other. That's a recipe for a (routing) desaster waiting to happen.
-
@JeGr said in Multiple Gateways on same subnet:
Why not simply reconfigure those routers
Because some devices (not mine) directly connected to router 1 have in their routing table certain rules to redirect traffic through 10.1.0.4. Hence those routers need to be on the same subnet.
These routers are shared by around 20 people, in 4 rooms on single floor. Hence I cannot change settings on those routers.
