Problem Routing Multi-Wan/Multi-Lan Not Working

Narcomed

Fisrt sorry for my english… I already try the french forum (My native language) but I have not found an answer.

I Can't Ping Router1 with Gw2 and Router2 With GW1 I don't understand.

I can ping correctly from the Switch and with OpenVPN. Thank you for your help.

Version of Pfsense

Internet1 –- Router1 --- SW1 --- GW1
                                                |
Internet2 --- Router2 --- SW2 --- GW2

Configuration Gateway Group FailOver

Firewall of LAN Interface

Interface

Ping results

Narcomed

Nobody has a solution?

Tnx

Narcomed

Little Up…

Router1: 192.168.11.254
Router2: 192.168.12.254

WAN 1: 192.168.11.1
WAN 2: 192.168.12.1
LAN : 172.16.125.XXX

PC CLIENT=172.16.125.XXX

IN PFSENSE GUI

192.168.11.1 vs 192.168.12.1 = YES
172.16.125.251 VS 192.168.12.1 = YES
172.16.125.251 VS 192.168.11.1 = YES
172.16.125.251 VS 192.168.11.254 = YES
172.16.125.251 VS 192.168.12.254 = YES

192.168.11.1 vs 192.168.12.254 = NO
192.168.12.1 vs 192.168.11.254 = NO

Ping IN CMD WINDOWS

PC CLIENT (.125.XXX) vs 192.168.12.1=YES
PC CLIENT (.125.XXX) vs 192.168.11.1=YES
PC CLIENT (.125.XXX) vs 192.168.11.254=NO

I try the outbound Nat the manual mode, but without success.

Tnx for help  :)

Narcomed

Update

I modify the Nat Outbound and Wan can ping other Wan but i can't ping Other subnet Wan with my Client PC…  :-\

heper

what exactly are you trying to accomplish?

it's not clear what you are trying to do, or what it is exactly that does not work.

Narcomed

Tnx heper for reply.

I have 2 Wan

Internet –---- Router1 (192.168.11.254) ------ GateWay1 (Wan1-192.168.11.1)

Internet ------ Router2 (192.168.12.254) ------ (Gateway2 (Wan2-192.168.12.1)

so my problem is that, I can't ping Router1 (WANISP01GW) and my failover don't work

heper

Gateway LAN : 172.16.125.251

you shouldn't specify a gateway on your LAN interface
also, set outbound nat back to automatic. those NAT rules in the screenshot don't make any sense at all ;)

also it is perfectly normal that you can't ping GW2 from WAN1 and that you can't ping GW1 from WAN2. Why would you want to do that?

If you want to provide simple failover, then  all you need is
-2 WAN interface with each there own gateway-
-a LAN interface WITHOUT a gateway specified
-a gateway-group 
-a firewall rule on the LAN tab ( PASS any–>any | GW: gateway-group-X )

enjoy

Narcomed

My mistake for Gateway Lan …

I should be able to ping all the interface for access to the devices with my computer.

I will retest tomorrow for failover

phil.davis

Inn addition to heper's instructions,
Before your policy-routing rule/s you probably just need ordinary pass rules for:
Pass source LANnet destination WAN1net
Pass source LANnet destination WAN2net

Then that local traffic will go to the ordinary routing table, and you will be able to ping from LAN to WAN1 and LAN to WAN2.

At the moment, the pass everything to failover-gateway-group rule will force it all to WAN2 (when WAN2 is up) and even ping to WAN1 will be pushed out WAN2.

Narcomed

I set outbound to automatic

I set pass rule for

Pass source LANnet destination WAN1net
Pass source LANnet destination WAN2net

and…. roll drum... !!

BINGO !!!!!

I Can ping  WAN1Net and WAN2net

I'm very very !! Happy... I test Failover tomorrow... i come back with news.

Narcomed

phil.davis and heper you are my heroes !!!!

It works now! Ping and failover. After months of work, research and testing this is now settle. A big thank you to you

Merci !

If you want to provide simple failover, then  all you need is
-2 WAN interface with each there own gateway-
-a LAN interface WITHOUT a gateway specified
-a gateway-group 
-a firewall rule on the LAN tab ( PASS any–>any | GW: gateway-group-X )
Pass source LANnet destination WAN1net
Pass source LANnet destination WAN2net

heper

c'est rien

jimgdp

Hello guys,

I am new to the use of pfSense and I have a similar problem that had narcomed but with some differences in my diagram.

I have 3 NIC:

• Wan ( 2 gateways from different ISP )
• L2L ( Connect with other sites )
• Lan (servers + some users)

What I'd like to do is make my servers (with an alias) use GW1 (with public IPs) and users go through GW2. Load balancing is not a problem as I have already used it and works like a charm but using 2 NICs for 2 WANs not with a Single NIC and two gateways as now. Te problem is that in all traffic to internet is always using the default gateway and not the one I specified in Lan Rules. I tried with Floating rules and it worked but it's not possible to filter using a Source IP that is what I need.

My WAN configuration:
  WAN: 172.16.2.2 ( Multi + Public IPs from GW1 )
    GW1 : 172.16.2.1 ( Default )
    GW2 : 172.16.2.10

What I want :

Servers - > GW1 -> Internet
Users - > GW2 -> Internet

Failed attempts :

| Src | Gateway |
| Alias_Servers | GW1 |
| Alias_Users | GW2 |

None of them has indeed, everyone always use the default gateway.

I know it's not the best network distribution however is what I get for now, we can not make big changes yet. Hope someone can give me some guidelines to setup this.

Cheers

heper

multiple gateways in the same subnet do not work.