Static route not working + connection down rules don't seem to apply. Please Help



  • Having just had to dump my pfSense test box into production to resolve internet connectivity issues I'm happy to say the dual WAN functionality seems to be working quite well, even though it was configured by a pfSense virgin. However I am still having a couple of issues.

    Firstly I have my main internet connection running very slowly and getting horrible 1000+ pings to DNS server. (reason for putting pfSense straight into production)
    Now have servers still using this connection so email is still up and running, it's just a little slow.
    Have all users running on the backup connection and all is well.

    The issue I have with the connection down rules is I have set my latency thresholds to be from 300-500. It is my understanding from searching the forums here that when latency hits 300ms it should send me a warning notification and at 500 it should show the connection as down. This doesn't happen at all. What am I missing? The only way I could get the connection to show as down was to go unplug the cable. Using the whole failover setup is the main reason I am implementing pfSense so really want to get this working correctly.

    The other issue I have is with the static route I have in place simply being ignored. The route is supposed to send any traffic to the 10.30.0.0/16 network through to another gateway located on my LAN (not pfSense). I couldn't just tell the static route to send to the IP address of that gateway; I could only select from the gateways set up in pfSense. So to get around this I set up a gateway located on the LAN interface which it shows as connected and set the static route to send all 10.30.x.x traffic through this. Why won't it work? I've also set the Bypass firewall rules for traffic on the same interface option and still no go.

    So there you have it. It's probably something simple I've missed but you'll have to forgive me. This is my first time dealing with any router config beyond simple port forwarding on SoHo all-in-one devices. I've spent days searching for answers to this but must be asking the wrong questions. Look forward to getting these issues resolved. Let me know if any further info is required.

    Thanks,

    Daniel.


  • Rebel Alliance Developer Netgate

    Check your gateway group and see what you have the trigger set to. Odds are you have it on "member down" when what you really want is "packet loss or high latency".

    As for your static route, check here:
    http://doc.pfsense.org/index.php/Multi-WAN_2.0#Policy_Route_Negation



  • @jimp:

    Check your gateway group and see what you have the trigger set to. Odds are you have it on "member down" when what you really want is "packet loss or high latency".

    As for your static route, check here:
    http://doc.pfsense.org/index.php/Multi-WAN_2.0#Policy_Route_Negation

    Gateway groups now set to packet loss/high latency. Thanks. Can't believe I missed something so simple ::) facepalm

    Static route. Added firewall rule and that works great. Not sure what the point of the static routes section under system>>routing is for then. Seems like it should do the same thing. But as long as it works with the firewall rule set I'm happy.

    Thanks for the assistance.


  • Rebel Alliance Developer Netgate

    For policy route negation you add a rule without the gateway defined, that way it respects the system's routing table.

    If you have a rule with a gateway set, the traffic will go through that gateway, ignoring any other routes. (Just doing what it's been told)
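
The behaviour described in the last two replies, as an added example that is not part of the original thread and not pfSense's own code: a small Python model of first-match rule evaluation, showing why the 10.30.0.0/16 static route is ignored until a rule without a gateway sits above the policy-routing rule. The gateway names (LAN_GW, WAN1, WAN_FAILOVER), rule descriptions and test addresses are assumptions made up for illustration.

```python
import ipaddress

# Constructed model: first matching rule wins; a gateway on the rule
# (policy routing) overrides the system routing table.
ROUTING_TABLE = [
    ("10.30.0.0/16", "LAN_GW"),  # the static route from the thread (assumed name)
    ("0.0.0.0/0", "WAN1"),       # default route (assumed name)
]

def route_lookup(dst):
    """Longest-prefix match against the system routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in ROUTING_TABLE
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def next_hop(rules, dst):
    """Return (rule description, next hop) for the first rule matching dst."""
    addr = ipaddress.ip_address(dst)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["dst"]):
            # No gateway on the rule: fall back to the routing table.
            hop = rule["gateway"] or route_lookup(dst)
            return rule["descr"], hop
    return "default deny", None

# Before: one LAN rule sends everything to the failover gateway group.
policy_only = [
    {"descr": "LAN to any via failover group", "dst": "0.0.0.0/0",
     "gateway": "WAN_FAILOVER"},
]
# After: a rule with no gateway placed above it for the routed network.
negation = {"descr": "negate policy routing for 10.30/16",
            "dst": "10.30.0.0/16", "gateway": None}
with_negation = [negation] + policy_only

if __name__ == "__main__":
    for name, rules in (("before", policy_only), ("after", with_negation)):
        for dst in ("10.30.4.20", "203.0.113.9"):
            print(name, dst, next_hop(rules, dst))
```

Rule order matters here: the rule without a gateway only takes effect when it is evaluated before the rule that sets one.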

