WAN Failover (OPT1 gateway goes offline on WAN down)



  • Hello, per the instructions I have found online for the latest version of pfsense 2.02 (2.01 as well), I have attempted to set up WAN failover with no success. I have WAN port forwarding rules and previously had a floating rule. I would describe my situation and steps as follows:

    At first I wasn't able to create a second gateway and gateway group without both gateways going down. I removed the floating rule I have for VOIP traffic QOS and this seems to have fixed this.

    The problem now is that when I unplug the WAN interface both gateways go down. I set up the second gateway option under advanced settings to allow switching. The LAN traffic first rule is to route traffic through the gateway group, and one is set to tier 1 and the other tier 2.

    While writing this I thought perhaps the block bogon and RFC networks might be the problem, as the second interface is connected to a DSL router so it's a 192.168 address, except that if this were the problem, when everything is plugged in the OPT1 interface gateway wouldn't be able to be reached as well, but when WAN is up both gateways are reachable and both interfaces are up. When WAN is unplugged the gateway goes down and it looks as if the OPT1 interface loses its IP as well (the OPT1 interface is set up for DHCP and it goes to 0.0.0.0), though it still shows as "up/green" in the dashboard.

    Do I need to set up failover before applying any firewall rules? Could someone give me some insight, as this is driving me nuts!



  • I'd start by trying the "latest" 2.03 release.



  • Given that 2.01 and 2.02 haven't worked and nothing in the changelog suggests that 2.03 would be any different, though I will try it, do you have any other suggestions? The only obvious thing I can think of is that the OPT1 GW monitoring is being routed over WAN and thus when the WAN goes down the OPT1 interface cannot fail over because it "thinks" it's down as well. Tutorials online make this look pretty straightforward and I am not a novice at *nix networking. I would get the professional support on this to help, but I think it's a bit ridiculous to pay $500 to set something up that, based on PFsense tutorials, I am clearly setting up correctly… Can someone who has successfully set this up with pre-existing NAT port forwarding firewall rules provide any input on this? I can pay to have someone fix this but $500 is a bit much; the rest of my install is base/default.



  • There is a lot I'm missing obviously, and everyone else I'm sure. Rather than using a long dialogue to explain your setup, why not diagram your network? Make sure it's plain when pfsense is NATed or not, what ISPs are present, what the gateway addresses are for both your WANs, which IPs are on your WANs and how you want everything to work. It's very hard for people to visualize the network based on paragraphs of dialogue.










  • If you need a further diagram let me know… If anyone knows a good software program (free/perhaps online) for drawing a quick one, let me know...
    Basically, local network is 10.2.24.0/24 (the real LAN range is 10.2.27.1-255, though /24 is allowed); DSL (OPT 1) is on DHCP 193.168.x.1 (OPT1 is connected to DSL modem/router); and static WAN is 50.XXX.5X.121/29, default GW is .126 (bogon RFC is not turned off).