    Default Route issues with MultiWan (2.0-RC3 32bit)

    1 Posts 1 Posters 2.6k Views
      jls

      Hi all,

      Looking for some help with this issue I have run into.

      Current setup is as follows (+ diagram):

      MultiWan with Carp
      Core1 Net xx.xx.204.0/29 -> Carp Address xx.xx.204.4/29
      Core2 Net xx.xx.204.8/29 -> Carp Address xx.xx.204.12/29

      NAT Lan
      LAN Net 10.50.58.0/24 -> Carp Address 10.50.58.233/24
      Client in LAN with gateway set to Carp Address

      Routed Subnet DMZ
      DMZ Net xx.xx.204.128/26 -> Carp Address xx.xx.204.129/26
      Server in DMZ with gateway set to Carp Address

      The cloud is a multi-router environment, all talking OSPF to the core switches. The firewalls do not talk OSPF.

      Now the details…
      Note: changing the CARP master has no effect on the following.

      Condition: ALL OK

      NAT traffic works
      DMZ traffic both in and out works
      Pings to all the public firewall interfaces work from a router in the cloud.

      Fail condition one (Core Switch 2 FAILED)
      Note: the static route xx.xx.204.129/26 -> xx.xx.204.12 on Core Switch 2 falls out of OSPF; the cloud only sees the route via Core Switch 1.

      NAT traffic works
      DMZ traffic in and out works
      Pings to Carp Address xx.xx.204.4 work
      Pings to firewall interfaces in the Core2 Net xx.xx.204.8/29 fail (because it's down)

      Fail condition two (Core Switch 1 FAILED)
      Note: the static route xx.xx.204.129/26 -> xx.xx.204.4 on Core Switch 1 falls out of OSPF; the cloud only sees the route via Core Switch 2.

      NAT traffic works
      Pings to firewall interfaces in the Core1 Net xx.xx.204.0/29 fail (because it's down)
      DMZ traffic out works; traffic in from the cloud fails.
      Pings to firewall interfaces in the Core2 Net xx.xx.204.8/29 fail (See just below)

      When in this fail condition, if I manually force the default route on the firewalls to the Core2 network, DMZ traffic and pings start working. (On a side note, the system can't check for its own updates when in this state.)

      How do I get the failover system to modify the default route so that when Core Switch 1 goes down it sets the default route to the secondary WAN (Core2) connection (and vice versa)? Or am I missing something basic?

      Settings screenshots are also attached; let me know if you need any others.

      Cheers
      Josh

      Attachments:
      Status_OK.png
      System_Gateways.png
      Status_Gateway_Groups.png
      Firewall_Rules_LAN.png
      Firewall_Rules_DMZ.png
      Routing_Table.png
      NAT_Outbound.png
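The split in the symptoms above (LAN NAT traffic keeps working while inbound DMZ traffic dies with Core Switch 1) is what you get when one class of traffic is policy-routed through the gateway group and the other simply follows the routing table. LAN clients hit a rule whose gateway is the group, so they follow whichever tier is still alive; the DMZ server's replies are routed by the firewall's system default route, which stays pointed at Core1 after Core1 goes away. The Python below is an added model of exactly that and is not code from the post or from pfSense. It assumes the LAN rule's gateway is the gateway group (consistent with "NAT traffic works" in both fail conditions), writes the masked xx.xx.204.0/24 block as the documentation prefix 203.0.113.0/24, makes up the next-hop addresses, the tier order and the cloud address, and deliberately ignores pf's reply-to handling of return traffic.

```python
#!/usr/bin/env python3
"""Model of a tiered gateway group versus a static system default route.

Constructed example, not code from the post or from pfSense. Addresses,
tier order and the cloud router are assumptions; 203.0.113.0/24 stands in
for the post's masked xx.xx.204.0/24.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Gateway:
    name: str
    address: str     # next hop on the core switch (assumed value)
    tier: int        # gateway-group tier; the lowest live tier wins
    up: bool = True


def make_gateways(core1_up: bool, core2_up: bool) -> Dict[str, Gateway]:
    """Gateway group with Core1 preferred (tier 1) and Core2 as backup (tier 2)."""
    return {
        "core1": Gateway("CORE1GW", "203.0.113.1", tier=1, up=core1_up),
        "core2": Gateway("CORE2GW", "203.0.113.9", tier=2, up=core2_up),
    }


# Directly connected networks from the post's diagram (masked octets substituted).
CONNECTED: List[Tuple[str, str]] = [
    ("203.0.113.0/29", "core1"),     # Core1 net, CARP VIP .4
    ("203.0.113.8/29", "core2"),     # Core2 net, CARP VIP .12
    ("203.0.113.128/26", "dmz"),     # routed DMZ, CARP VIP .129
    ("10.50.58.0/24", "lan"),        # NAT LAN, CARP VIP .233
]

CLOUD_ROUTER = "198.51.100.10"       # constructed address somewhere in "the cloud"


def default_gateway(gateways: Dict[str, Gateway], allow_switching: bool,
                    static_default: str) -> Optional[str]:
    """Return the key of the gateway carrying the system default route.

    allow_switching=False: the default route stays on the statically chosen
    gateway even when its link is down (the behaviour described in the post).
    allow_switching=True:  the lowest-tier gateway that is still up is used.
    """
    if not allow_switching:
        return static_default
    live = [key for key, gw in gateways.items() if gw.up]
    return min(live, key=lambda k: gateways[k].tier) if live else None


def lookup(destination: str, default_via: Optional[str]) -> Optional[str]:
    """Longest-prefix match over connected routes; otherwise the default route."""
    dst = ipaddress.ip_address(destination)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, via in CONNECTED:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best is not None else default_via


def delivered(via: Optional[str], gateways: Dict[str, Gateway]) -> bool:
    """A path works if it is a connected interface or a gateway whose link is up."""
    if via is None:
        return False
    return via not in gateways or gateways[via].up


def scenario(core1_up: bool, core2_up: bool, allow_switching: bool,
             static_default: str = "core1") -> Dict[str, bool]:
    """Outcome for the two traffic classes in the post under one failure state."""
    gws = make_gateways(core1_up, core2_up)
    # LAN clients: outbound NAT traffic is policy-routed through the gateway
    # group, so it always follows the best live tier (assumed from the post).
    nat_via = default_gateway(gws, allow_switching=True, static_default=static_default)
    # DMZ server replies: not policy-routed, so they follow the routing table,
    # whose default route is either static or switched with the group.
    dmz_via = lookup(CLOUD_ROUTER, default_gateway(gws, allow_switching, static_default))
    return {"nat_lan": delivered(nat_via, gws), "dmz_reply": delivered(dmz_via, gws)}


if __name__ == "__main__":
    cases = [
        ("all OK", (True, True, False)),
        ("Core2 down", (True, False, False)),
        ("Core1 down, static default", (False, True, False)),
        ("Core1 down, default switching on", (False, True, True)),
    ]
    for label, args in cases:
        print(f"{label:36} {scenario(*args)}")
    # The manual workaround from the post: force the default route onto Core2.
    print(f"{'Core1 down, default forced to Core2':36} "
          f"{scenario(False, True, False, static_default='core2')}")
```

The third case reproduces fail condition two (NAT fine, DMZ replies sent to a dead next hop), and the last line reproduces the manual "force the default route to Core2" workaround. Later pfSense 2.x releases expose the switching behaviour as "Allow default gateway switching" under System > Advanced > Miscellaneous; whether 2.0-RC3 has that option, and whether it covers a routed subnet the way this model assumes, is not something the post settles, so check the gateway status page and the routing table after a forced failover rather than trusting the model.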

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.