Failover WAN not working properly
-
The pi hole is just like any other LAN based device, except that it only communicates over 'destination port 53'.
Do you mean all communication stops ?
-
I can still ping stuff and access websites by IP, but not by domain. As soon as I switch the gateway on the firewall rule back to Default, everything works normal again.
-
@teefos said in Failover WAN not working properly:
As soon as I change the gateway away from "default" to "PreferWAN1" on the LAN firewall allow all rule
This rule directs any traffic to the WAN1 gateway. You may have to add an additional rule to the top for allowing DNS to the Pi hole.
-
@viragomann That worked, thanks guys!
Would you care to explain why I had to add that rule to the top? WAN1 is already set as the default gateway in the general settings, so why would it be different when using the gateway group (which in turn uses WAN1?)
-
@teefos
When you state a gateway in a firewall pass rule, it directs any matching traffic to that gateway or even to the active one out of the gateway group (Policy Routing).
So the packets won't reach your internal pi hole.For passing internal traffic between interfaces you need to set the gateway option to "default".
-
@viragomann I see.
I have several VLANs and some of them can communicate freely right now using any rules on each VLAN. If I understand you correctly, after changing the gateway away from Default on the other VLANs as well, I will have to create additional allow rules applied on top, for them to still be able to communicate with each other?
-
@teefos
It's pretty not clear why you want to specify a gateway in the rules at all. I can't see any reason for that.If you state a gateway you lose benefit of the failover group.
-
@viragomann I thought that's what I had to do to enable the failover functionality.
Or is it this one I need to change?
-
@teefos
You have to select the failover group there. -
@viragomann Well that's great. Thank you so much
