Problem that drives me crazy



  • First of all I want to say hi to everyone since I'm new here and I'm a newbie in pfSense!

    here's the problem:

    in our office we have 2 pfSense boxes (2 different ISPs); 1 box = WAN + LAN

    we have 2 isp because we need a reliable connection so practically we use load balancing…

    here's the layout of our network :

    Win Server 2008: DHCP: 192.168.30.0/23

    pf box 1 (WAN+ LAN)
    pf box 2 (WAN+ LAN)

    The LAN subnet on both pf boxes is the same: 192.168.30.0/23

    pf box 1 IP: 192.168.30.1
    pf box 2 IP: 192.168.30.2

    So we are using these boxes as gateways in the Win Server 2008 DHCP route

    BUT I'm having huge problems with the second box (192.168.30.2): I CAN'T give internet access to the LAN

    for 2 weeks I have struggled with configurations and rules but with no success

    I can ping the outside world from the console, no problems here; I can ping the NIC (192.168.30.2); I can ping any other IP on our network; I can ping this IP 192.168.30.2 from any other computer on the network, but I can't give internet access from this box (192.168.30.2)!!!

    I can connect to the web interface from all other PCs......

    I must add that I tried the IP, gateway and the 2 DNS servers given by our ISP on a PC and have internet access, so the settings are OK!!

    what could be the problem?!

    aa I almost forgot .....in one of my many tries I enabled the DHCP Server on LAN and surprise surprise I had internet access!!! but when I disabled the DHCP on the LAN interface I still haven't got internet access!

    so can anybody please enlighten me, what am I doing wrong ....


  • Rebel Alliance Global Moderator

    "so practically we use load balancing…"

    How is having 2 pfSense boxes doing load balancing?

    Why don't you just have 1 pfSense box with 2 WAN connections?



  • johnpoz, when a pf box is down or has a hardware failure the users still have internet access through the 2nd pf box….

    but this is not the point....

    why do I have internet access on the 2nd pf box only if I enable the DHCP Server?? if I disable the DHCP server I don't have internet access on the LAN......

    I have noticed something else: when I manually add the DNS on a PC I have internet access!

    what should I do so I don't have to manually add the DNS?



  • How are you assigning the 2 gateways? Simplistically it sounds as though your DHCP server is giving out *.1 as the gateway - so all the PCs are using it.  Even if you have *.2 as a secondary gateway - it will not be used unless the first one is down.

    Would it not be better to set up CARP to give failover access to both WANs, even if one PFS box failed?



  • I'm starting to suspect the equipment from my ISP.

    I have an Allied Telesis AT-IMG616BD gateway..



  • CARP on the LAN interfaces would definitely be better here.

    Anyway, the only reason I can think of for your problem is wrong client settings.



  • Unless I am misunderstanding your setup - as per my earlier answer - it seems your PCs are getting their IP, DNS and gateway settings from the Win server.

    If you check on one of the clients (ipconfig from a cmd box) I guess you are seeing a default gateway of 192.168.30.1.

    If you enable the DHCP server on the pfs box - it will give out itself as the gateway.

    Much better to use a CARP arrangement - only one gateway, which would switch from one pfs box to the other if the first failed. You could also use both WANs simultaneously - rather than only one with your current setup.



  • hackin8, I'm not even connected through the Win server…... it's just standalone until I can fix it

    review:

    Win2003 server; DHCP server -> scope -> scope options -> router: here I added the 2 pfSense boxes acting as gateways 192.168.30.1; 192.169.30.2

    192.168.30.1 has no problem;

    192.168.30.2 - I have internet access on WAN; I can install packages; I can ping the outside world from the pfSense box; I can ping the LAN IP from the PC I've connected behind this box;

    but through LAN I have no internet access; I cannot ping any website;

    I have added the correct IP, DNSs, gateway, subnet mask from the ISP; I have enabled DNS Forwarder

    when I enable the DHCP server on LAN in pfSense I have internet access;

    on the working pfSense box (192.168.30.1) hackin8 you are right: with ipconfig I can see default gateway 192.168.30.1, DNS servers, WINS servers and so on

    moreover when I disable DHCP on LAN (192.168.30.2) and I add the 2 DNSs from my ISP on the PC behind the pfSense box I HAVE INTERNET access!

    so what's happening that I have internet access only if I enable DHCP on LAN or I manually add the DNSs on a PC connected to 192.168.30.2??

    there must be something that I miss....

    so it must be something wrong with the DNS........



  • It can't be clearer than that  ;D
    Wrong client settings.

    1 - you can't have two default gateways
    2 - you can't use DNS of provider 1 when using Internet from provider 2

    for 1 - use CARP
    for 2 - make your own DNS or use Google's 8.8.8.8 or OpenDNS
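The two points in the post above (a client has only one default gateway, and a provider's DNS is tied to that provider's link) together with hackin8's observation that a DHCP scope listing two routers makes clients use only the first, as an added Python example that is not part of this thread or of pfSense: it parses a constructed DHCP options blob in the RFC 2132 TLV layout the scope hands out, reports what a client would actually configure from it, and flags both problems for a PC whose traffic leaves via either box. The 203.0.113.x resolver addresses and the DNS_OWNER map (which box fronts the ISP that runs each resolver) are constructed placeholders.

```python
"""Added example (not from the thread): parse DHCP scope options and show
what a client does with them, then flag the two misconfigurations named
in the thread."""
import ipaddress

# Constructed sample scope options, modelled on the thread's setup:
#   option 1   = subnet mask 255.255.254.0 (/23)
#   option 3   = router list 192.168.30.1, 192.168.30.2 (two "gateways")
#   option 6   = DNS servers, two constructed ISP-1 resolvers (TEST-NET-3)
#   option 255 = end
SAMPLE_OPTIONS = bytes([
    1, 4, 255, 255, 254, 0,
    3, 8, 192, 168, 30, 1, 192, 168, 30, 2,
    6, 8, 203, 0, 113, 53, 203, 0, 113, 54,
    255,
])

# Constructed: which pfSense box (by LAN IP) fronts the ISP that runs each
# resolver. ISP resolvers generally answer only queries arriving from their
# own customers' address space, so a query that leaves through the other
# ISP's link gets no answer.
DNS_OWNER = {"203.0.113.53": "192.168.30.1", "203.0.113.54": "192.168.30.1"}


def parse_options(blob):
    """Return {option_code: raw_value} from a DHCP options blob (TLV, PAD=0, END=255)."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == 255:            # END marker
            break
        if code == 0:              # PAD: single byte, no length
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts


def addresses(value):
    """Decode a run of 4-byte IPv4 addresses (as in options 1, 3 and 6)."""
    if len(value) % 4:
        raise ValueError("address list length not a multiple of 4")
    return [str(ipaddress.IPv4Address(value[k:k + 4]))
            for k in range(0, len(value), 4)]


def client_view(opts):
    """What a client configures from the lease: only the first router becomes
    the default gateway; the rest are ignored unless the first stops answering."""
    routers = addresses(opts.get(3, b""))
    return {
        "subnet_mask": addresses(opts[1])[0] if 1 in opts else None,
        "default_gateway": routers[0] if routers else None,
        "unused_routers": routers[1:],
        "dns": addresses(opts.get(6, b"")),
    }


def findings(opts, gateway_in_use, dns_owner=DNS_OWNER):
    """Flag the thread's two problems for a client whose traffic leaves via gateway_in_use."""
    view = client_view(opts)
    out = []
    if view["unused_routers"]:
        out.append(f"option 3 lists {len(view['unused_routers']) + 1} routers; "
                   f"clients use only the first ({view['default_gateway']})")
    # Resolvers that belong to the other ISP are unreachable from this link.
    wrong = [s for s in view["dns"]
             if dns_owner.get(s, gateway_in_use) != gateway_in_use]
    if wrong:
        out.append(f"DNS servers {wrong} belong to the ISP behind "
                   f"{dns_owner[wrong[0]]}, not usable via {gateway_in_use}")
    return out


if __name__ == "__main__":
    opts = parse_options(SAMPLE_OPTIONS)
    print(client_view(opts))
    for gw in ("192.168.30.1", "192.168.30.2"):
        print(gw, findings(opts, gw))
```

Run as-is it prints the client's effective settings and, for a PC going out via 192.168.30.1, only the "two routers" warning; for a PC going out via 192.168.30.2 it also reports that both resolvers belong to the other ISP, which matches the thread's symptom that the second box only works once the client gets different DNS servers.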