Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Nat in failover works only when the WAN1 is up

    NAT
    1
    2
    1783
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • _
      __Fox__ last edited by

      Hi, I've got a PFSense 1.2.3 release with 1 LAN and 2 WAN
      WAN1 is a PPPoE with a static IP
      WAN2 is an ADSL with a cisco router (wan2 is 10.0.0.10, cisco LAN il 10.0.0.1, cisco wan have the static ip and all the ports are natted to 10.0.0.10)
      LAN1 is 192.168.1.x

      I've got 2 failover pools
      WAN1 to WAN2
      WAN2 to WAN1

      I've got the same nat both on WAN1 and WAN2 that goes to a server in the internal network
      (for example port 25 both from wan1 and from wan2 point to 192.168.1.100)

      All works fine if WAN1 is UP.

      I can go out from wan1 or from wan2 without problem, i can came in to port 25 trought both the pubblic ip address of WAN1 and WAN2.

      The problem is that when WAN1 goes offline ("disconnected".. is a pppoe). the internal pcs correctly goes on internet trought WAN2, but the WAN2 nat, that works fine until the WAN1 was UP, doesn't work anymore!

      Do you have any suggestion?

      Thanks

      1 Reply Last reply Reply Quote 0
      • _
        __Fox__ last edited by

        nobody have any suggestion?

        new test:
        Wan1 (PPPoE) off, try to telnet from outside to port 25 on WAN2 IP. The correct rule is trigged:
        The rule that triggered this action is:
        @94 pass in log quick on bge0 reply-to (bge0 10.10.10.1) inet proto tcp from any to 192.168.1.7 port=smtp flag S/SA keep state label "USER_RULE:NAT SMTP FROM WAN2"
        but the packet don't pass…
        same test with WAN1 ON, the same rule is trigged and the packet correctly pass..

        Thanks

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy