Failover to 3G problems

erixon

Hallo.
I want to use my 3g modem as failover to my adsl line, but can't getting it to work.
Under interfaces / PPPs i have added my 3g modem. I can see under interfaces that the 3g modem getting an external ip, so i guess that it's ok.
Under System / Routing i have 2 gateways :

3G                 WAN2        10.64.64.0     195.67.199.28                 Interface 3G Dynamic Gateway
WAN (default) WAN 90.XXX.XXX.XXX  195.67.199.27                 Interface WAN Dynamic Gateway

And under System / Routing / Groups

FailOver 3G          Tier2
                WAN      Tier1

Under Status / Gateways i see this:

3G 10.64.64.0 195.67.199.28    Online                Interface 3G Dynamic GatewayOnline

WAN 90.xxx.xxx.x 195.67.199.27    Online                Interface WAN Dynamic GatewayOnline

Under Firewall / Rules / LAN i have 3 rules

ID Proto  Source Port     Destination Port Gateway Queue Schedule Description

*           *        *        LAN Address  22        *            *                          Anti-Lockout Rule
                                                                        80
                                                                      443
          *            LAN net    *              *            *          *            None                      Default allow LAN
                                                                                                                                to any rule

*              *            *              *            *      FailOver      *

I must miss something?. When i disable my adsl, my internet connection is lost

Sorry for bad english.

GruensFroeschli

The rules are processed from top to down.
If a rule catches, the rest below is never considered.
Since you have an "allow all" rule above your rule using the balancer….. ;)

erixon

Thank you, now it's working :-)

marcogi

@GruensFroeschli:

The rules are processed from top to down.
If a rule catches, the rest below is never considered.
[…]

I thought it were the last matched rule to "win". I mean, the rules are all processed from top to down, the last rule matching the packet, catches it.
So, what does the 'Apply the action immediately on match' in the rule editor do?

I'm asking to clarify myself how pfsense works.

Thanks

GruensFroeschli

On which page do you see this option?

The only place i can find the string "Apply the action immediately on match" is for the trafficshaper.

This is about firewall / NAT rules

jimp

@marcogi:

@GruensFroeschli:

The rules are processed from top to down.
If a rule catches, the rest below is never considered.
[…]

I thought it were the last matched rule to "win". I mean, the rules are all processed from top to down, the last rule matching the packet, catches it.
So, what does the 'Apply the action immediately on match' in the rule editor do?

I'm asking to clarify myself how pfsense works.

Thanks

Floating rules are different. Floating rules can either have quick checked to be top-down, or unchecked to be last-match-wins. Floating rules are not used by most people, and are mostly used for traffic shaping.

On every other tab, the rules are processed top-down.