LAN and WAN2(opt1) work - WAN does not.



  • Greetings all…

    Ok... here's what we have.  I have successfully set up my first pfSense box (many thanks to those who helped through here) and have now been taking it to the next step of dual wan ability.

    My issue here is I have communications through the LAN port and the WAN2(opt1) ports but never the WAN.  I have swapped cards... I have moved cards... I have set up static addresses, I have set up dhcp (ultimately need this to work through PPPOE) and still no communications... if I pull the OPT1(wan2) card out... then I DO have communications.  But as long as the OPT1 card is installed... no dice.  I even mixed up manufactures to insure there was no conflict with same model nic cards (I have seen issues here before).

    The one thing in all instances I have tried to do and can not is to ping from within the webGUI out the wan port to the next hop.  As long as there is a 3rd (opt1) nic I can not do this... the moment I pull that out (physically)... it works.

    Any suggestions?

    Thanks to all



  • minimum "some" information about your network…
    @http://forum.pfsense.org/index.php/topic:

    If you are looking for help on the forum because you have a problem:
    provide as much information as possible.
    (log-outputs, screenshots of config/rules, etc.)
    Often a Diagram (ASCII ART ?) can help more than pages of descriptions how your network is set up.



  • But of course…..

    Status: Interfaces

    WAN interface (rl1)

    Status          up
    MAC address 00:50:22:85:9e:b6
    IP address          nnn.nnn.nnn.10   
    Subnet mask 255.255.255.0
    Gateway          nnn.nnn.nnn.1
    ISP DNS servers dns.dns.dns.dn1
                             dns.dns.dns.dn2
    Media 100baseTX <full-duplex>In/out packets 2/1808 (104 bytes/78 KB)
    In/out errors 0/590
    Collisions 0

    LAN interface (rl0)

    Status          up
    MAC address 00:17:31:a3:6b:2b
    IP address         192.168.10.1   
    Subnet mask 255.255.255.0
    Media 100baseTX <full-duplex>In/out packets 7938/5426 (884 KB/4.18 MB)
    In/out errors 0/0
    Collisions 0

    WAN2 interface (fxp0)

    Status         up
    MAC address 00:90:27:3f:6c:b2
    IP address         xxx.xxx.xxx.34   
    Subnet mask 255.255.255.252
    Gateway         xxx.xxx.xxx.33
    Media 100baseTX <full-duplex>In/out packets 5493/12903 (494 KB/1.52 MB)
    In/out errors 0/0
    Collisions 0

    Load Balancer: Pool

    Name                     Type Servers/Gateways  Port       Monitor             Description

    Both                     gateway     (balance)            wan     nnn.nnn.nnn.nn1
                                                                          opt1    xxx.xxx.xxx.x33    Both lines are up

    WAN1FailsToWAN2    gateway     (failover)            opt1     xxx.xxx.xxx.x33
                                                                          wan      nnn.nnn.nnn.nn1 WAN 2 preferred when WAN 1 fails

    WAN2FailsToWAN1    gateway     (failover)             wan      nnn.nnn.nnn.nn1
                                                                           opt1     xxx.xxx.xxx.x33 WAN 1 preferred when WAN 2 fails

    Status: Load Balancer: Pool
       Pools       Virtual Servers

    Name                    Type Gateways Status                                           Description
    Both                     gateway       wan        Offline Last change Jan 18 2008 21:20:06   Both lines
                                (balance)      opt1        Online Last change Jan 18 2008 21:20:06

    WAN1FailsToWAN2   gateway       opt1        Online Last change Jan 18 2008 21:20:06
                                (failover)     wan         Offline Last change Jan 18 2008 21:20:06  WAN 2

    WAN2FailsToWAN1   gateway       wan         Offline Last change Jan 18 2008 21:20:06  WAN 1
                                (failover)     opt1         Online Last change Jan 18 2008 21:20:06

    Firewall: Rules

    LAN

    Proto Source   Port  Destination   Port  Gateway              Description

    *  LAN net   *    WAN2 net       *    WAN1FailsToWAN2   Make sure wan2 traffic goes to wan2

    *  LAN net   * nnn.nnn.nnn.n33 *    WAN2FailsToWAN1   Make sure WAN1 traffic goes to WAN1   
        * LAN net   *         *       *    Both        Everything else gets shared

    Diagnostics: ARP Table

    IP address          MAC address    Hostname  Interface   
      nnn.nnn.nnn.nn33 00:50:2c:06:5b:40           WAN2
      192.168.10.10         00:11:85:5e:e2:bb             LAN

    Let me know if there is anything you want to see.  I have masked the IP's however the names are consistant.

    Interesting thing to note... through WAN2 I can remote desktop to a machine on the LAN... however... I can not remote desktop from that LAN machine to the one on the WAN2 side... nor can I ping outbound on WAN2.

    Also... you'll notice the the WAN port does not show up in lists even tho it does show it's enabled and has a valid IP.

    Thanks</full-duplex></full-duplex></full-duplex>



  • *  LAN net   *    WAN2 net       *    WAN1FailsToWAN2   Make sure wan2 traffic goes to wan2     
    *  LAN net   * nnn.nnn.nnn.n33 *    WAN2FailsToWAN1   Make sure WAN1 traffic goes to WAN1

    I usually do routing like this using static routes, not firewall rules.

    As long as the WAN gateway does not show up in the arp tables, you are not getting a physical connection and the WAN will not work. From your description, it looks like a hardware problem - maybe IRQ related. Try turning off anything not needed by pfsense in the bios. this can be audio, floppy ….if that does not help then upgrade bios.


Locked