Routing table messed up
My load balancer stopped working; all traffic is going out just one interface.
I deleted the pools and set them up again, tried all sorts, then noticed that my route table is messed up:
Destination     Gateway              Flags   Refs   Use   Mtu    Netif
192.168.2       link#2               UC      0      0     1500   rl1
192.168.2.10    [ip.of.link#4.gw]    UGHS    2      112   1500   vr0
Looks like all traffic to the gateway of my OPT1 is routed to the gw of my WAN.
link#1 is my LAN, link#2 is my OPT1, link#4 is my WAN.
How would I go about fixing this?
Please describe the WAN types. For instance, is WAN pppoe? Is OPT1 Static or DHCP, etc.
BTW: just so you know we do not do multi-wan with routes, it is done with PF.
They are both static.
I think I know why it happened. I have an arrangement with my neighbour that I let him use my ISP when his connection is down. When his connection is up I get to use his ISP as a secondary WAN (on interface OPT1).
His ISP went down for a few days so he was sending traffic through my ISP, via OPT1 (same cable, same interface, so the route table reflects this setup correctly).
Now that his ISP is back up, I want to get the old load balancing setup working again, but the routing table is stuck.
I have rebooted, disabled then enabled the OPT1. Anything else to try?
Load balancing doesn't use the routing table. It uses pf to do port forwards to the upstream gateways of your WANs. Are you sure it doesn't work? What does status>loadbalancer report for the links? Try tracerouting from behind the pfSense to several locations and see if it takes different paths.
When I traceroute to the website of the ISP behind OPT1 (I have a static route sending packets to their subnet via OPT1) it goes through the WAN ISP.
Loadbalancer status shows OPT to be red, offline.
I would have thought that everything used the routing table… :-(
I can reset to factory default, and reload the config, but prefer to solve this.
I changed the WAN IP address to something totally different. Applied changes. Changed it back.
This got rid of the entries for the 192.168 subnet in the routing table. There was no entry there for this at all even though the OPT IP address and gateway were 192.168.2.10 and 2.11 respectively. So no pings to the OPT work.
I then disabled the OPT interface and then enabled it.
The loadbalancer status for OPT immediately went from red to yellow!
If anyone has a more elegant solution, I'd like to know.
If I add an entry into a Pool such that:
Monitor IP : OPT1's gateway
I can reproduce the messed up routing table at will ::)
So it looks like I made a mistake in the Pool. Sorry to bother you guys, and thanks for the help.
Use a DNS as a monitor IP NOT your wan* gateway. I had the exact same problem.
I have 4 WANs, and pfSense had the habit of always ignoring one gateway. It would work for 1 or 2 seconds and then drop out of the pool. When I changed the monitor IPs to the corresponding WAN DNS server, my problem went away :)
Hope this works. :)
This sounds like an issue with your gateways, either because of not being reliably pingable (because they are under load or have low priority processing pings) or maybe they have some script installed to not be pingable all the time. In general gateways as monitors are working fine, but if you see issues, trying other gateways is recommended.
Different ISPs have different settings. Each needs to be evaluated for the best pingable IP. My own ISP does not allow me to ping the DNS servers. Sometimes it blocks pings totally.
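Added example, not part of any post in this thread: a Python check that reads a `netstat -rn` style table like the one in the first post and flags host routes (H flag) whose destination sits inside a directly connected network but leaves through a different interface. The sample table is constructed; the WAN gateway 203.0.113.1, the 10.0.0 LAN network and the interface name rl0 are placeholders.

```python
import ipaddress

# Constructed sample in the first post's layout; 203.0.113.1, 10.0.0 and rl0 are placeholders.
SAMPLE = """\
Destination     Gateway        Flags   Refs   Use    Mtu    Netif
default         203.0.113.1    UGS     0      9041   1500   vr0
10.0.0          link#1         UC      0      0      1500   rl0
192.168.2       link#2         UC      0      0      1500   rl1
192.168.2.10    203.0.113.1    UGHS    2      112    1500   vr0
203.0.113       link#4         UC      0      0      1500   vr0
"""

def parse_dest(dest):
    """Turn a BSD netstat destination into an IPv4Network (None for 'default')."""
    if dest == "default":
        return None
    if "/" in dest:
        return ipaddress.IPv4Network(dest, strict=False)
    octets = dest.split(".")
    # Abbreviated form: "192.168.2" means 192.168.2.0/24; four octets give a /32.
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.IPv4Network(f"{padded}/{8 * len(octets)}")

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] == "Destination":
            continue
        try:
            net = parse_dest(f[0])
        except ValueError:
            continue  # not an IPv4 route line
        routes.append({"net": net, "gateway": f[1], "flags": f[2], "netif": f[6]})
    return routes

def misrouted_hosts(routes):
    """Return (host, actual_netif, expected_netif) for host routes bypassing their own link."""
    connected = [r for r in routes if r["net"] and r["gateway"].startswith("link#")]
    findings = []
    for r in routes:
        if r["net"] is None or "H" not in r["flags"] or "G" not in r["flags"]:
            continue
        for c in connected:
            if r["net"].subnet_of(c["net"]) and r["netif"] != c["netif"]:
                findings.append((str(r["net"].network_address), r["netif"], c["netif"]))
    return findings

print(misrouted_hosts(parse_routes(SAMPLE)))
```

A finding such as 192.168.2.10 leaving via vr0 while its subnet is attached to rl1 matches the symptom in the first post.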