IRC via multiple WAN
-
I am having issues when I'm connecting to a IRC server and wanting to use the OPT1 (secondary WAN) interface rather then my WAN interface.
Every time I connect to an IRC server, it chooses the WAN interface. However, I am confused as to why it does this since on my firewall/policy route rules state that anything coming from the LAN subnet (which is the PC connecting to the IRC server) has a default gateway set to the OPT1 interface, not the WAN interface (this is the only rule that exists for the LAN subnet).
Is there a reason as to why this is happening?
-
Hi
Even I had a similar problem but not with IRC. you could try out sticky connections enable (in Advance Menu). please refer to the Multi WAN page of the tutorial (Load balancing)
Cheers
Manjula -
Did you try resetting states after you made that change? Also are you running any packages on your pfSense that might interfere with that traffic?
-
Did you try resetting states after you made that change? Also are you running any packages on your pfSense that might interfere with that traffic?
I have, and I also rebooted just to be sure, however there is no difference. Also, I don't have packages that would seem to interfere with IRC in anyway. The packages that I have installed are arping, imspector, nut, and phpSysinfo.
I'll provide you with something to work with:
Here is a traceroute capture from the machine that is connecting to IRC. I have done a traceroute to ' efnet.teleglobe.net ':
traceroute to efnet.teleglobe.net (66.198.80.67), 30 hops max, 40 byte packets
1 74.X.X.X (74.X.X.X) 37.932 ms 38.140 ms 38.131 ms
2 gi-15-0-4.gw01.wlfdle.phub.net.cable.rogers.com (66.185.93.85) 38.098 ms 38.087 ms 59.527 ms
3 so-3-0-0.gw02.wlfdle.phub.net.cable.rogers.com (66.185.80.130) 59.518 ms 59.455 ms 59.432 ms
4 24.153.5.234 (24.153.5.234) 81.119 ms 81.110 ms 81.093 ms
5 if-15-0.core4.AEQ-Ashburn.teleglobe.net (209.58.27.33) 95.288 ms 95.274 ms 95.485 ms
6 if-4-1-0-723.mcore3.NYY-NewYork.teleglobe.net (216.6.42.62) 109.920 ms 77.830 ms 77.817 ms
7 Pos-channel1.mcore4.MTT-Montreal.teleglobe.net (216.6.81.18) 78.020 ms 78.244 ms 78.195 ms
8 * * *
9 * * *
..etc…Now, on the same machine .. I will connect to efnet.teleglobe.net, but get a different IP other then my 74.X.X.X IP:
- [testing12] (~testing12@209.X.X.X): 1234
- [testing12] efnet.teleglobe.net :O'er the land of the free & the home of the brave
- [testing12] 209.X.X.X :actually using host
- [testing12] idle 00:00:07, signon: Thu Mar 20 21:04:41
- [testing12] End of WHOIS list.
=============================
Same situation with another IRC server, irc.tomsk.net from Russia:
traceroute to irc.tomsk.net (217.29.87.254), 30 hops max, 40 byte packets
1 74.X.X.X (74.X.X.X) 45.451 ms 45.421 ms 45.400 ms
2 gi-15-0-4.gw01.wlfdle.phub.net.cable.rogers.com (66.185.93.85) 45.335 ms 45.357 ms 45.522 ms
3 so-2-3-0.gw02.bloor.phub.net.cable.rogers.com (64.71.240.106) 45.490 ms 45.683 ms 45.671 ms
4 gw02.bloor.phub.net.cable.rogers.com (66.185.80.5) 45.415 ms 45.613 ms 45.829 ms
5 pos-1-0-0.igw01.vaash.phub.net.cable.rogers.com (66.185.80.190) 95.148 ms 95.132 ms 95.184 ms
6 equinix.ash.cw.net (206.223.115.73) 109.649 ms 105.347 ms 105.337 ms
7 so-4-0-0-dcr2.nyk.cw.net (195.2.10.234) 105.321 ms 105.507 ms 148.710 ms
8 so-5-0-0-dcr1.nyk.cw.net (195.2.10.241) 148.676 ms 148.656 ms 148.848 ms
9 so-2-0-0-dcr2.tsd.cw.net (195.2.10.110) 206.819 ms 207.027 ms 206.991 ms
10 transtele-gw.lnt.cw.net (166.63.222.66) 206.716 ms 226.485 ms 226.467 ms
11 ZSTTK-tmk.transtelecom.net (217.150.52.145) 320.631 ms 320.628 ms 295.747 ms
12 ge0-1-23.ll-tmk.zsttk.ru (82.200.1.85) 295.960 ms 295.945 ms 296.117 ms
13 gw-stack.ll-tmk.zsttk.ru (82.200.1.86) 273.622 ms 273.604 ms 273.584 ms
14 c3750-v11.tomsk.net (217.29.87.174) 266.296 ms 266.273 ms 266.224 ms
15 irc.tomsk.net (217.29.87.254) 273.275 ms 273.259 ms 253.781 ms- [testing1234] (~testing12@209.X.X.X): 1234
- [testing1234] irc.tomsk.net :Tomsk IRC Server, RusNet IRC network
- [testing1234] Charset translation is NONE
- [testing1234] idle 00:00:27, signon: Thu Mar 20 21:07:28
- [testing1234] End of WHOIS list.
I'll post the LAN rules and the routing table of the pfsense box shortly…
-
LAN Rules:
Proto | SRC | SRC Port | DST | DST Port | GW | Description
- | LAN net | * | DMZ net | * | * | LAN <-> DMZ (10.54.1/26)
- | LAN net | * | WIFI net | * | * | LAN <-> WIFI (192.168.54/24)
- | LAN net | * | * | * | OPT | Default GW -> OPT (74.X.X.X)
Route Table:
Destination Gateway Flags Netif
default 216.X.X.X UGS ng0 <– WAN (209.X.X.X)
10.54.1/26 link#1 UC em0 <-- LAN
10.54.1.64/26 link#5 UC rl0
74.X.X/25 link#2 UC xl0 <-- OPT Interface (74.X.X.X)
74.X.X.X <mac> UHLW xl0 <-- OPT Interface (74.X.X.X)
74.X.X.X 127.0.0.1 UGHS lo0
127.0.0.1 127.0.0.1 UH lo0
209.X.X.X lo0 UHS lo0
216.X.X.X 209.X.X.X UH ng0 <-- WAN (209.X.X.X)209.X.X.X = WAN (Static)
74.X.X.X = OPT Interface (DHCP)I am under the assumption that IRC simply looked at the default GW of the routing table and went with that instead??</mac>
-
Does imspector listen for irc too? If yes this is the reason it goes out through WAN.
-
Does imspector listen for irc too? If yes this is the reason it goes out through WAN.
- [testing1234] (~testing12@etc-etc-etc.cable.rogers.com): 1234
- [testing1234] irc.tomsk.net :Tomsk IRC Server, RusNet IRC network
- [testing1234] Charset translation is NONE
- [testing1234] idle 00:00:13, signon: Thu Mar 20 22:04:53
- [testing1234] End of WHOIS list
That fixed it!
I appreciate the help!
Thank you… -
All services running at the pfSense itself (like imspector) will always use the main wan only. They are not (yet) multiwan capable. Something to keep in mind when using packages that interfere with traffic ;)