[Updated] Problem with outbound routing



  • I have a pfsense 1.2-RC2, with two WAN interfaces and one LAN. I've set up load balancing according to the HOWTO, and it works fine; if I disconnect WAN1, traffic goes out over WAN2 without trouble. WAN1 is SDSL, WAN2 is ADSL. They're both configured the same way, with PFsense –> DSL router, with subnets allocated by the ISP:
    WAN1 IP 11.22.33.44, gateway 11.22.33.43
    WAN2 IP 22.33.44.55, gateway 22.33.44.54

    What I want to do now is get all HTTP traffic to go out over the ADSL line, to free up some space. I've read all the instructions/posts here, and done what I think is right:
    Firewall Rules –> Lan
    Action: pass
    Interface: Lan
    Protocol: TCP
    Source: Lan subnet
    Destination: Any
    Destination port: HTTP
    Gateway: 22.33.44.54 (WAN2 gateway)

    This is at the top of the rules list, before the load balancer/failover rule.

    Yet when I visit a website, all traffic is going out via WAN1. I go to http://www.whatismyip.com/, and it tells me the WAN1 IP; http://www.speedtest.net/ shows my upload speed at 2Mbps, which means it's using the SDSL line.

    I've checked and double-checked the instructions and settings, and can't figure out why it isn't being routed properly. Any pointers appreciated - I can't say if it's a setup problem or if I just missed something silly. Presumably I don't need to do anything with outbound NAT for this to work, other than what I already did for load balancing?



  • Update: I installed RC3 and rebooted, and HTTP now seems to be going through WAN2. I don't know if it was the software update or the reboot that did it - anyone?



  • I've been away for the last couple of days, but I came back and looked over the RRD graphs to see how the traffic had changed. It seems that the pfsense box has now reverted to sending HTTP traffic through WAN1, even though it's configured to use WAN2. It used WAN2 for a while, then swapped to WAN1 without warning or instruction. I don't know if this is because WAN2 dropped for a while (according to the load balancer logs), but that shouldn't affect it.

    Does anyone know why this might be happening, or what I could do to force it to use WAN2? Help appreciated…



  • Bump

    Still at a complete loss on this one - I've set HTTP/HTTPS to go via WAN2, rebooted, double- and triple-checked rules and rule order, but everything is still going out through WAN1 (even when I explicitly disabled the load-balancers). Anyone have any experience of this?


Log in to reply