Dual WAN w/ DHCP workaround - DNS problems?



  • I have set up my pfSense box. I have the T1 (static) as my primary WAN; I also have a cable modem which gives me an address via DHCP.
    After reading the forums I learned that dual WAN balancing / FO doesn't work right with DHCP. So I put a Win 2003 server box with RRAS between the cable modem and the pfSense box. The problem is that even now, with a pseudo-static IP config on the OPT1 (cable/win2k3), I get problems loading webpages when load balancing is enabled.

    I have tried adding static routes for the DNS servers and that doesn't help.

    Current config.
    WAN 209.198.103.165 - gateway 209.198.103.161
    LAN 192.168.1.1
    OPT1 10.0.0.2 - gateway (Win2003 box) 10.0.0.1

    DNS 4.2.2.1 and 4.2.2.2

    static route for dns is:
    4.2.2.1 -> 209.198.103.161
    4.2.2.2 -> 10.0.0.1

    Here are my Firewall rules on the LAN interface
    Proto  Source  Port  Destination  Port  Gateway  Description
    TCP  LAN net *           HTTPS  *  *     
    TCP LAN net * 127.0.0.1 * * Outgoing FTP Traffic 
    TCP LAN net * * 25 (SMTP) *

    * LAN net * * * Cable LoadBalance T1
    * LAN net * * * Cable Failover T1

    The last 2 are the pools I set up in the load balancer.
    The monitor IP for the OPT1 on both pools is 73.195.28.1, which is the first hop out of the win2k3 box.
    The monitor IP on the WAN for both pools is 209.198.103.161.

    Like I said above, with this setup I get problems loading webpages.
    Looks like a DNS issue to me.

    What am I doing wrong here? Since I put in the router/Windows box in front of the cable, it doesn't work any better than when I tried plugging the cable directly into the pfSense box.

    BTW both interfaces are marked up and I can surf the internet on the Windows RRAS box via terminal services through the private network behind the pfSense box.

    Also I am using 1.0.1-SNAPSHOT-02-27-2007
    built on Mon Mar 5 12:08:17 EST 2007

    I did update this from 1.0.1 via the firmware update in the WebGUI. I have read about that messing things up, do I need to install from scratch? (I don't want to do that if possible)





  • I have deleted all pools and firewall rules that were referencing the pools and rebuilt them in many different ways since the Snapshot upgrade.

    Any other ideas?



  • The static route for the DNS server at WAN is not needed as this is covered by the default route. Remove it. This shouldn't mess things up though.

