LAN and WAN2(opt1) work - WAN does not.
-
Greetings all…
Ok... here's what we have. I have successfully set up my first pfSense box (many thanks to those who helped through here) and have now been taking it to the next step of dual wan ability.
My issue here is I have communications through the LAN port and the WAN2(opt1) ports but never the WAN. I have swapped cards... I have moved cards... I have set up static addresses, I have set up dhcp (ultimately need this to work through PPPOE) and still no communications... if I pull the OPT1(wan2) card out... then I DO have communications. But as long as the OPT1 card is installed... no dice. I even mixed up manufactures to insure there was no conflict with same model nic cards (I have seen issues here before).
The one thing in all instances I have tried to do and can not is to ping from within the webGUI out the wan port to the next hop. As long as there is a 3rd (opt1) nic I can not do this... the moment I pull that out (physically)... it works.
Any suggestions?
Thanks to all
-
minimum "some" information about your network…
@http://forum.pfsense.org/index.php/topic:If you are looking for help on the forum because you have a problem:
provide as much information as possible.
(log-outputs, screenshots of config/rules, etc.)
Often a Diagram (ASCII ART ?) can help more than pages of descriptions how your network is set up. -
But of course…..
Status: Interfaces
WAN interface (rl1)
Status up
MAC address 00:50:22:85:9e:b6
IP address nnn.nnn.nnn.10
Subnet mask 255.255.255.0
Gateway nnn.nnn.nnn.1
ISP DNS servers dns.dns.dns.dn1
dns.dns.dns.dn2
Media 100baseTX <full-duplex>In/out packets 2/1808 (104 bytes/78 KB)
In/out errors 0/590
Collisions 0LAN interface (rl0)
Status up
MAC address 00:17:31:a3:6b:2b
IP address 192.168.10.1
Subnet mask 255.255.255.0
Media 100baseTX <full-duplex>In/out packets 7938/5426 (884 KB/4.18 MB)
In/out errors 0/0
Collisions 0WAN2 interface (fxp0)
Status up
MAC address 00:90:27:3f:6c:b2
IP address xxx.xxx.xxx.34
Subnet mask 255.255.255.252
Gateway xxx.xxx.xxx.33
Media 100baseTX <full-duplex>In/out packets 5493/12903 (494 KB/1.52 MB)
In/out errors 0/0
Collisions 0Load Balancer: Pool
Name Type Servers/Gateways Port Monitor Description
Both gateway (balance) wan nnn.nnn.nnn.nn1
opt1 xxx.xxx.xxx.x33 Both lines are upWAN1FailsToWAN2 gateway (failover) opt1 xxx.xxx.xxx.x33
wan nnn.nnn.nnn.nn1 WAN 2 preferred when WAN 1 failsWAN2FailsToWAN1 gateway (failover) wan nnn.nnn.nnn.nn1
opt1 xxx.xxx.xxx.x33 WAN 1 preferred when WAN 2 failsStatus: Load Balancer: Pool
Pools Virtual ServersName Type Gateways Status Description
Both gateway wan Offline Last change Jan 18 2008 21:20:06 Both lines
(balance) opt1 Online Last change Jan 18 2008 21:20:06WAN1FailsToWAN2 gateway opt1 Online Last change Jan 18 2008 21:20:06
(failover) wan Offline Last change Jan 18 2008 21:20:06 WAN 2WAN2FailsToWAN1 gateway wan Offline Last change Jan 18 2008 21:20:06 WAN 1
(failover) opt1 Online Last change Jan 18 2008 21:20:06Firewall: Rules
LAN
Proto Source Port Destination Port Gateway Description
* LAN net * WAN2 net * WAN1FailsToWAN2 Make sure wan2 traffic goes to wan2
* LAN net * nnn.nnn.nnn.n33 * WAN2FailsToWAN1 Make sure WAN1 traffic goes to WAN1
* LAN net * * * Both Everything else gets sharedDiagnostics: ARP Table
IP address MAC address Hostname Interface
nnn.nnn.nnn.nn33 00:50:2c:06:5b:40 WAN2
192.168.10.10 00:11:85:5e:e2:bb LANLet me know if there is anything you want to see. I have masked the IP's however the names are consistant.
Interesting thing to note... through WAN2 I can remote desktop to a machine on the LAN... however... I can not remote desktop from that LAN machine to the one on the WAN2 side... nor can I ping outbound on WAN2.
Also... you'll notice the the WAN port does not show up in lists even tho it does show it's enabled and has a valid IP.
Thanks</full-duplex></full-duplex></full-duplex>
-
* LAN net * WAN2 net * WAN1FailsToWAN2 Make sure wan2 traffic goes to wan2
* LAN net * nnn.nnn.nnn.n33 * WAN2FailsToWAN1 Make sure WAN1 traffic goes to WAN1I usually do routing like this using static routes, not firewall rules.
As long as the WAN gateway does not show up in the arp tables, you are not getting a physical connection and the WAN will not work. From your description, it looks like a hardware problem - maybe IRQ related. Try turning off anything not needed by pfsense in the bios. this can be audio, floppy ….if that does not help then upgrade bios.