WAN Incoming Failover Fails
-
And so, no one use nat in from multiple lan? :-[
-
Hi, i've got the same problem… http://forum.pfsense.org/index.php/topic,23391.0.html
can you confirm that with the embedded version the nat from opt interface still works also without WAN1 UP?
Thanks
No, as it seems I cannot confirm it. It appears that 1.2.3 embedded behaves in the same fashion (which makes sense I suppose).
We are in the process of replacing our pfSense PC boxes with Alix boards. We performed yesterday one such migration (using the backup/restore feature) and we found that the Alix pfSense behaved in the same way.
The only difference we saw was that this time it took some seconds (maybe minutes) before WAN2 stopped being responsive: we unplugged WAN, and we could still ping WAN2 for some time until it stopped.
This time lag may be the reason that I initially reported that the embedded version was behaving differently. Perhaps I didn't wait long enough at the time, we will try to repeat the test next week and report back.
PS. I asked the same question to Tom Schaefer's blog (http://www.tomschaefer.org/web/wordpress/?p=538#comment-576) and the reply Tom gave was "Make sure your resetting the states or rebooting. The reason you have to reset the states or reboot is to enforce the settings you have made. Pfsense will hold on to connections until they timeout and thus your rules will not apply. That is why the pfsense team recommends you reboot or reset the state table. This applies to firewall settings."
And provided the link: http://forum.pfsense.org/index.php/board,21.0.html for more information.
I have not tried yet to just reset the states or to wait long enough to see if things would be fixed after a timeout… maybe next week as I said.
-
I tryed to reboot the pfsense box with the WAN offline and the result is the same… no nat in.
:-\ -
I tryed to reboot the pfsense box with the WAN offline and the result is the same… no nat in.
:-\How about resetting the states? (Diagnostics -> States -> Reset States tab)
Do you have perhaps the possibility of also trying this out?
-
Yes… I tried now..
not only the nat in doesn't work, but also the outs connections don't come up after the reset :(
[I'm connected to a inside lan pc via a teamviewer connection than works from outside also when WAN fail] -
Yes… I tried now..
not only the nat in doesn't work, but also the outs connections don't come up after the reset :(
[I'm connected to a inside lan pc via a teamviewer connection than works from outside also when WAN fail]I am at a loss myself… Not only can I not explain it, I am surprised that not more people need incoming NAT fail-over.
-
I thought I was the only one..
-
You have to keep link on your WAN, if you lose link it'll do this. Doesn't matter if it's actually up, or what it's plugged into, as long as you have a link light.
-
I'm not sure that this is the problem…
I'm using a PPPoE connection on WAN and the problem come when I disconnect the PPPoE connection from WAN status (or when internet break).. the WAN LINK is ever UP..Thanks
-
Oh, that's likely the same thing with a different symptom, with PPPoE your WAN is actually ng0 not the physical interface, and when you disconnect you lose "link" on that.