My backup gateway doesn't work
-
I asked my neighbor to let me use his cable connection as a backup and he agreed and made a guest WiFi network on his router (WAN_BU). I created a Gateway group and added it. I have an Asus Wifi Ethernet bridge that I use to connect to this backup network. The wireless connection seems good but not great.
But when my main WAN (WAN) went down, it didn't work.
Anyone know why? Could it have something to do with double NAT? Looks like the IP address for WAN_BU is a private IP.
I can ping through WAN_BU (see screenshot).
-
Did you use a Gateway group/ create one?
Did you create special filter rules to use it or set it as the default gateway?Cheers
\jens -
@JeGr Thank you. I believe I did do those things. Please see additional screenshots. I did not create any firewall rules but I did set the group as the default gateway.
-
Aye I see, but the question was more along the lines as to why you didn't set it up with two separate interfaces in pfSense itself. Why two gateways in the same IP space on the same interface? I vaguely remember something about that not being recommended or potentially making problems with anything. So if I had no additional NIC to connect the second line to, I'd add a VLAN capable switch in front of them, put both Gigabit lines on a separate VLAN and add that to pfSense as separate WANs with their own gateway.
After separation I'd create the GWGroup on those two lines (let's say WAN1_DHCP / WAN2_DHCP) and test that again. That way outgoing as well as ingoing traffic can cleanly be originated to the corresponding interface (and its upstream gateway) instead of the same interface with both gateways. That could clear up the confusion (and it's the way multiWAN is set up per default) :)
-
Sorry, I'm not following. I have a four port NIC card and am using all 4 ports.
I'm not exactly sure what I'm doing (not a pfSense "expert" by any means) but I do think I have the two WAN networks on different interfaces (WAN and WAN_BU). Are they not?
-
How is your outbound NAT configured? What happens, when you just use that second gateway by default? Have you configured one DNS per gateway like in the docs?
-
@CommonSenseAl said in My backup gateway doesn't work:
Sorry, I'm not following. I have a four port NIC card and am using all 4 ports.
Oh I'm sorry, that was supposed to be an answer to another post about MultiWAN problems. Pardon me for the confusion :)
Could you paste your Gateway Group config if you have any? And what your default gateway is set to?
-
-
@Bob-Dig is this what you are asking? I should check/test again but I don't think I ever got Internet access when trying to use the backup WAN.
I had "none" for the DNS gateway but have now selected a gateway for each DNS (see screenshot). I will try testing this change to see if there is any effect and I will report back if I have any success.
-
@Bob-Dig it seems the DNS changes didn't help.
But maybe this will shed some light? I marked my primary primary gateway as being down to test the backup. The WAN_BU graph seems to show outbound traffic but virtually none coming in when the inbound traffic should significantly exceed the outbound.... it's like the packers are going out (like requests to web servers) but nothing is coming back in? I wonder if this could be an issue with my neighbor's router configuration or security settings (the link which is suppose to provide my backup)?
-
Well still not working.... is the Firewall for my backup interface suppose to look like this?
-
I think I fixed it!!! Changing the Outbound NAT Mode to "Hybrid Outbound" seems to have fixed it.
I don't know why the setting "Manual Outbound" to begin with.
But I am so happy that it's working now! Just one stupid setting can cause so much lost time... but at least I learned from the ordeal.
-
Yes, wasn't clear to me that this wasn't set, because there is always a dot in automatic in your screenshot. The theme must be broken.
-
@Bob-Dig That confused me too.... until I realized that white dot is only the focus indicator. It's the blue dot that indicates what is set/selected.
