IRC via multiple WAN



  • I am having issues when I'm connecting to a IRC server and wanting to use the OPT1 (secondary WAN) interface rather then my WAN interface.

    Every time I connect to an IRC server, it chooses the WAN interface. However, I am confused as to why it does this since on my firewall/policy route rules state that anything coming from the LAN subnet (which is the PC connecting to the IRC server) has a default gateway set to the OPT1 interface, not the WAN interface (this is the only rule that exists for the LAN subnet).

    Is there a reason as to why this is happening?



  • Hi

    Even I had a similar problem but not with IRC. you could try out sticky connections enable (in Advance Menu). please refer to the Multi WAN page of the tutorial (Load balancing)

    Cheers
    Manjula



  • Did you try resetting states after you made that change? Also are you running any packages on your pfSense that might interfere with that traffic?



  • @hoba:

    Did you try resetting states after you made that change? Also are you running any packages on your pfSense that might interfere with that traffic?

    I have, and I also rebooted just to be sure, however there is no difference. Also, I don't have packages that would seem to interfere with IRC in anyway. The packages that I have installed are arping, imspector, nut, and phpSysinfo.

    I'll provide you with something to work with:

    Here is a traceroute capture from the machine that is connecting to IRC. I have done a traceroute to ' efnet.teleglobe.net ':
    traceroute to efnet.teleglobe.net (66.198.80.67), 30 hops max, 40 byte packets
    1  74.X.X.X (74.X.X.X) 37.932 ms  38.140 ms  38.131 ms
    gi-15-0-4.gw01.wlfdle.phub.net.cable.rogers.com (66.185.93.85)  38.098 ms  38.087 ms  59.527 ms
    so-3-0-0.gw02.wlfdle.phub.net.cable.rogers.com (66.185.80.130)  59.518 ms  59.455 ms  59.432 ms
    4  24.153.5.234 (24.153.5.234)  81.119 ms  81.110 ms  81.093 ms
    if-15-0.core4.AEQ-Ashburn.teleglobe.net (209.58.27.33)  95.288 ms  95.274 ms  95.485 ms
    if-4-1-0-723.mcore3.NYY-NewYork.teleglobe.net (216.6.42.62)  109.920 ms  77.830 ms  77.817 ms
    Pos-channel1.mcore4.MTT-Montreal.teleglobe.net (216.6.81.18)  78.020 ms  78.244 ms  78.195 ms
    8  * * *
    9  * * *
    ..etc…

    Now, on the same machine .. I will connect to efnet.teleglobe.net, but get a different IP other then my 74.X.X.X IP:

    • [testing12] (~testing12@209.X.X.X): 1234
    • [testing12] efnet.teleglobe.net :O'er the land of the free & the home of the brave
    • [testing12] 209.X.X.X :actually using host
    • [testing12] idle 00:00:07, signon: Thu Mar 20 21:04:41
    • [testing12] End of WHOIS list.

    =============================

    Same situation with another IRC server, irc.tomsk.net from Russia:

    traceroute to irc.tomsk.net (217.29.87.254), 30 hops max, 40 byte packets
    1  74.X.X.X (74.X.X.X)  45.451 ms  45.421 ms  45.400 ms
    gi-15-0-4.gw01.wlfdle.phub.net.cable.rogers.com (66.185.93.85)  45.335 ms  45.357 ms  45.522 ms
    so-2-3-0.gw02.bloor.phub.net.cable.rogers.com (64.71.240.106)  45.490 ms  45.683 ms  45.671 ms
    gw02.bloor.phub.net.cable.rogers.com (66.185.80.5)  45.415 ms  45.613 ms  45.829 ms
    pos-1-0-0.igw01.vaash.phub.net.cable.rogers.com (66.185.80.190)  95.148 ms  95.132 ms  95.184 ms
    equinix.ash.cw.net (206.223.115.73)  109.649 ms  105.347 ms  105.337 ms
    so-4-0-0-dcr2.nyk.cw.net (195.2.10.234)  105.321 ms  105.507 ms  148.710 ms
    so-5-0-0-dcr1.nyk.cw.net (195.2.10.241)  148.676 ms  148.656 ms  148.848 ms
    so-2-0-0-dcr2.tsd.cw.net (195.2.10.110)  206.819 ms  207.027 ms  206.991 ms
    10  transtele-gw.lnt.cw.net (166.63.222.66)  206.716 ms  226.485 ms  226.467 ms
    11  ZSTTK-tmk.transtelecom.net (217.150.52.145)  320.631 ms  320.628 ms  295.747 ms
    12  ge0-1-23.ll-tmk.zsttk.ru (82.200.1.85)  295.960 ms  295.945 ms  296.117 ms
    13  gw-stack.ll-tmk.zsttk.ru (82.200.1.86)  273.622 ms  273.604 ms  273.584 ms
    14  c3750-v11.tomsk.net (217.29.87.174)  266.296 ms  266.273 ms  266.224 ms
    15  irc.tomsk.net (217.29.87.254)  273.275 ms  273.259 ms  253.781 ms

    • [testing1234] (~testing12@209.X.X.X): 1234
    • [testing1234] irc.tomsk.net :Tomsk IRC Server, RusNet IRC network
    • [testing1234] Charset translation is NONE
    • [testing1234] idle 00:00:27, signon: Thu Mar 20 21:07:28
    • [testing1234] End of WHOIS list.

    I'll post the LAN rules and the routing table of the pfsense box shortly…



  • LAN Rules:

    Proto | SRC | SRC Port | DST | DST Port | GW | Description

    • | LAN net | * | DMZ net | * | * | LAN <-> DMZ (10.54.1/26)
    • | LAN net | * | WIFI net | * | * | LAN <-> WIFI (192.168.54/24)
    • | LAN net | * | * | * | OPT | Default GW -> OPT (74.X.X.X)

    Route Table:

    Destination Gateway Flags Netif
    default   216.X.X.X   UGS ng0   <– WAN (209.X.X.X)
    10.54.1/26 link#1   UC   em0   <-- LAN
    10.54.1.64/26  link#5 UC rl0
    74.X.X/25 link#2   UC   xl0     <-- OPT Interface (74.X.X.X)
    74.X.X.X <mac>    UHLW  xl0      <-- OPT Interface (74.X.X.X)
    74.X.X.X 127.0.0.1 UGHS lo0
    127.0.0.1 127.0.0.1 UH   lo0
    209.X.X.X lo0         UHS   lo0
    216.X.X.X 209.X.X.X UH ng0 <-- WAN (209.X.X.X)

    209.X.X.X = WAN (Static)
    74.X.X.X = OPT Interface (DHCP)

    I am under the assumption that IRC simply looked at the default GW of the routing table and went with that instead??</mac>



  • Does imspector listen for irc too? If yes this is the reason it goes out through WAN.



  • @hoba:

    Does imspector listen for irc too? If yes this is the reason it goes out through WAN.

    • [testing1234] (~testing12@etc-etc-etc.cable.rogers.com): 1234
    • [testing1234] irc.tomsk.net :Tomsk IRC Server, RusNet IRC network
    • [testing1234] Charset translation is NONE
    • [testing1234] idle 00:00:13, signon: Thu Mar 20 22:04:53
    • [testing1234] End of WHOIS list

    That fixed it!

    I appreciate the help!
    Thank you…



  • All services running at the pfSense itself (like imspector) will always use the main wan only. They are not (yet) multiwan capable. Something to keep in mind when using packages that interfere with traffic  ;)


Locked