MultiWan Default route/gateway does not change when interface down.
Actually I have 2.0.2-RELEASE (i386) installed. I want to use the PFsense as a Multiwan failover system.
I have 2 WAN interface and one LAN interface. The WAN interfaces are from different ISP but both have static IP.
I had create a gateway group with this two WAN interfaces assigning different tier for each one. WAN1 tier1 and WAN2 tier2. In the same way I had create the same rule in the firewall for each interface. I´m making a NAT, so every incoming traffic from ports 80, 81 and 443 in both WAN interfaces are redirected to one server with a private IP inside the LAN.
In the other hand, I had create a rule to allow every traffic outcoming outside the LAN.
Everything works properly if both WANs are up, but if the first WAN goes down now there is no traffic to Internet in the LAN server.
Capturing traffic I saw that the problem was the default route (see this list):
Destination Gateway Flags Refs Use Mtu Netif Expire
default 188.8.131.52 UGS 0 1126 1500 bge0
184.108.40.206 220.127.116.11 UGHS 0 174016 1500 bge0
18.104.22.168 22.214.171.124 UGHS 0 176125 1500 bge1
10.100.0.0/16 link#1 U 0 9920 1500 em0
10.100.0.105 link#1 UHS 0 0 16384 lo0
126.96.36.199/25 link#3 U 0 0 1500 bge1
188.8.131.52 link#3 UHS 0 0 16384 lo0
184.108.40.206/27 link#2 U 0 0 1500 bge0
220.127.116.11 link#2 UHS 0 0 16384 lo0
127.0.0.1 link#7 UH 0 47 16384 lo0
18.104.22.168 22.214.171.124 UGHS 0 34 1500 bge1
If everything is UP, the default route is the gateway from the WAN 1 that is the tier1, but this default route dissapear the the interface goes down, so there are traffic incoming and the server answer but this traffic doen´t know how to go out because the default route dissapear instead of create a new default route with the gateway from the WAN2 that is the tier2.
Does anybody know how to solve this problem?
I think the problem is not about the firewall rules and I don´t know why pfsense does not write the new route.
By the way, in the interface definition, I don´t click in the default gateway option because te gateway must change depending the interface.
Thank you for the answers.
I suppose that if nobody answer could happend only two things
1) This is a stupid question because is a configuration mistake.
2) It is a real bug and the pfsense people are working in it.
::) ::) ::) ::) I really think the correct number is the first one ;)
Could anybody help me anyway?
afaik, the default route will never change one a clean install of pfsense.
you probably have a configuration error :)
did you select the gateway-group on your lan firewall rules ?
if you could post the relevant firewall rules & nat rules we might be able to provide an answer.
that said, if you really want to switch default gateways (note: this might have some suprising consequences)
there is a checkbox you can select to do default-gateway-switching. (system–>Advanced--> Miscellaneous --> allow default gateway switching)
I will try to explain my problem with several captures.
I Have 3 different interfaces, WAN, WAN2 and LAN.
As you can see in the captures GW_OPT1 and GW_WAN, I configure both interfaces as a failover system (see Gateway group). The primary interface is the WAN (GW_WAN) because is a connection with 100/100 and he secondary interface is the WAN2 (GW_OPT) because this ISP is only 70/1,5.
Both Interfaces have static IP and are correctly configured.
Actually I have only one server in the LAN. The IP of this server is 10.100.0.83. There are 3 services that this server have, HTTPS (443 port) HTTP ( port 80) and 81 port so I create several NAT rules for each interface WAN and WAN2.
Of course I had create several firewall rules (see LAN rules, WAN rules and WAN2 rules).
If I have the WAN interface UP, I can access to the server perfectly without problem, but the real issue is when the LAN interface goes down ( packet loss) I can not access to the server with the static IP from the WAN2 interaface.
The most interest thing is… At the beginning of this post I had checked the swithing default gateway because I thouth that this could be the solution, and when the WAN goes down, I can not access from the server (10.100.0.83) to internet.
After the heper post, I uncheck that checkbox and now ..when the WAN interface goes down i can access from the server to internet, but in both cases, I can not access from internet to the server...
I double checked the rules and the NAT and are the same for the WAN interface and for the WAN2 interface.
I´m continue thinking that the problem is about the default route, but maybe no, because there are several people that could use this MULTIWAN failover system.
Could anybody told me what i´m doing wrong?
Thank you for all answers.
![GW OPT1.jpg](/public/imported_attachments/1/GW OPT1.jpg)
![GW OPT1.jpg_thumb](/public/imported_attachments/1/GW OPT1.jpg_thumb)
![GW WAN.jpg](/public/imported_attachments/1/GW WAN.jpg)
![GW WAN.jpg_thumb](/public/imported_attachments/1/GW WAN.jpg_thumb)
![GW Group.jpg](/public/imported_attachments/1/GW Group.jpg)
![GW Group.jpg_thumb](/public/imported_attachments/1/GW Group.jpg_thumb)
![NAT (port forwarding).jpg](/public/imported_attachments/1/NAT (port forwarding).jpg)
![NAT (port forwarding).jpg_thumb](/public/imported_attachments/1/NAT (port forwarding).jpg_thumb)
The next attached files that I made reference in my post
![LAN Rules.jpg](/public/imported_attachments/1/LAN Rules.jpg)
![LAN Rules.jpg_thumb](/public/imported_attachments/1/LAN Rules.jpg_thumb)
![WAN Rules.jpg](/public/imported_attachments/1/WAN Rules.jpg)
![WAN Rules.jpg_thumb](/public/imported_attachments/1/WAN Rules.jpg_thumb)
![WAN2 Rules.jpg](/public/imported_attachments/1/WAN2 Rules.jpg)
![WAN2 Rules.jpg_thumb](/public/imported_attachments/1/WAN2 Rules.jpg_thumb)
![Routing table 1.jpg](/public/imported_attachments/1/Routing table 1.jpg)
![Routing table 1.jpg_thumb](/public/imported_attachments/1/Routing table 1.jpg_thumb)
![Routing Table 2.jpg](/public/imported_attachments/1/Routing Table 2.jpg)
![Routing Table 2.jpg_thumb](/public/imported_attachments/1/Routing Table 2.jpg_thumb)
The problem might be in your LAN rules, but I'm not sure. Rather then send traffic back out to the Gateway Group, you might want to create explicit routes that incoming from WAN goes out WAN and incoming from WAN2 goes out WAN2. If I understand Gateway groups properly, traffic going out will always go through the default route.
That's my guess.
That´s the point tim.mcmanus,
as you can see in the captures routing table 1 and routing table 2, the default route disappear once the WAN interface goes down (the Tier1 in the gateway group) so.. how can the packets know where to go out if there are not a default route?
Thank yu for your answer,