MultiWAN (PPPoE) issues
-
Hi there,
we're using two PPPoE connections (one with a dynamic IP and one with a static IP). Every than and now apinger says, that it can't ping the monitor-IP and therefor the associated GW is set to offline. We have floating rules for outbound traffic to allow everything via our gatewaygroup. Even if I configure two external IPs to route via our external interfaces and try to use them as the monitor-IP, I even get this error. We'd like to use pfSense 2.0 RC3 for that project and for eliminating our actual Astaro-Appliance.
Any ideas?
Regards, Tim
-
Odds are your floating rules are too general and may be trying to affect the ping traffic also.
Make rules at the top to pass (quick) outbound to your monitor IPs without setting a gateway, see if that helps. Also make sure your outbound NAT rules are not too general.
Trying to send all traffic from the firewall into a gateway/failover group is likely to be problematic in some ways. It's best to be selective about what you actually try to failover, and make sure both your floating rules and nat rules are not too general/broad.
-
Thanks for your answer.
Finally after updating pfSense to the latest release, the failover gateway group seems to be stable. One odd remains: If I configure the gateways to use a monitor ip, both gateways are switched to offline again. If I try to ping from within my LAN, the ping goes through, but gets cut-off after a while (The gateway responds that the ping is blocked (never seen this ICMP error before)). With the monitor ip disabled, everything works out fine, except for the transparent proxy. But this might be the odd, that we're a onlinegaming company with ~150 active users and only those two PPPoE lines… ;-) We'll try to install a transparent squid on another box and re-route the webtraffic to this box.
Regards, Tim