Dual wan not working



  • Hi There,

    I have been struggling with this problem a couple of days now.

    I have 2 WAN connections and Currently 1 LAN.

    WAN -> Connection 1
    LAN -> LAN
    Opt1 -> Connection 2

    Both the WAN connections can ping the gateways. Opt1 seems not to get any further then its own gateway, with result that it cannot loadbalance etc..

    On the wan connection i can ping everything on the internet. If i change the whole configuration and change WAN -> Connection2 and Opt1-> Connection1 i have the same problem. So the connections are oke.

    It seems PFsense refuse's to work with the second WAN interface. Any thoughts on this?

    With regards,
    Michael



  • have you used http://doc.pfsense.org/index.php/MultiWanVersion1.2 to setup the load balancing?



  • It's normal that the optwan can't ping beyond it's gateway unless you add static routes. You have some other configuration error. Please provide more info on your interface setup, firewallrules and maybe outbound nat rules (if you created rules for this which you usually don't need for simple loadbalancing).



  • @sai:

    have you used http://doc.pfsense.org/index.php/MultiWanVersion1.2 to setup the load balancing?

    I Followed that doc indeed.

    @hoba:

    It's normal that the optwan can't ping beyond it's gateway unless you add static routes. You have some other configuration error. Please provide more info on your interface setup, firewallrules and maybe outbound nat rules (if you created rules for this which you usually don't need for simple loadbalancing).

    I indeed noticed its not possible to use the ping utility with multi-wan

    The interfaces do have a basic setup,

    It contains the ip address /subnet
    Gateway
    And the ftp helper is disabled.

    To test this setup i used the allow "everything" rule on both wan connections.

    The outbound rules consists currently of routing the traffic to the WAN interface gateway. If i change this to the Opt interface gateway, i cant ping to any internet server.



  • try adding static routes on your secondary uplink and test; you can use the shell insterface and traceroute to see if it actually when thru that gateway



  • @michaelsnijder:

    To test this setup i used the allow "everything" rule on both wan connections.

    The outbound rules consists currently of routing the traffic to the WAN interface gateway. If i change this to the Opt interface gateway, i cant ping to any internet server.

    Why allow everything on the wans? that is not needed and makes your pfsense wide open to the world. Where does the route die if you traceroute out to the internet via the optwan?



  • @hoba:

    @michaelsnijder:

    To test this setup i used the allow "everything" rule on both wan connections.

    The outbound rules consists currently of routing the traffic to the WAN interface gateway. If i change this to the Opt interface gateway, i cant ping to any internet server.

    Why allow everything on the wans? that is not needed and makes your pfsense wide open to the world. Where does the route die if you traceroute out to the internet via the optwan?

    its just a test for now, i know its not secure.  I cant test the traceroute at the moment because im not at the office. I will test it when i will be at the office again.

    Edit: Is there any posibility i can check this remote? I can connect remote to this box. Im afraid if i change the default gateway i will get disconnected.

    @djmizt:

    try adding static routes on your secondary uplink and test; you can use the shell insterface and traceroute to see if it actually when thru that gateway

    Will try something, will keep you updated!



  • @djmizt:

    try adding static routes on your secondary uplink and test; you can use the shell insterface and traceroute to see if it actually when thru that gateway

    I just added a ip and gave it the gateway on the opt interface. It goes thru and hits the destination. Im kinda confused now..

    If i ping or traceroute this same ip on a server on the lan interface it ends up on the pfsense box.

    So it seems, i can get traffic across this gateway, anyhow the pfsense box refuses to pass traffic to this interface.



  • Please show us the exact firewallrule that you setup to send the traffic out to wan2. Also make sure advanced outbound nat is disabled (firewall>nat, outbound tab).



  • @hoba:

    Please show us the exact firewallrule that you setup to send the traffic out to wan2. Also make sure advanced outbound nat is disabled (firewall>nat, outbound tab).

    actually the outbound is currently set on Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)), do you want me to set it to Automatic outbound NAT rule generation (IPsec passthrough) ?

    It seems this fixed the problem! will keep you updated!



  • For simple loadbalancing you don't need advanced outbound nat. pfSense will nat on any interface that has a gateway set by default. If you want to use advanced outbound nat you have to setup your rules correct to make it work with multiwan as we only generate rules for lan to wan when enabling it by default.



  • @hoba:

    For simple loadbalancing you don't need advanced outbound nat. pfSense will nat on any interface that has a gateway set by default. If you want to use advanced outbound nat you have to setup your rules correct to make it work with multiwan as we only generate rules for lan to wan when enabling it by default.

    I understand the problem now! Its working now with round robin, will test it later on with failover! Your help is apreciated! Thanks!


Locked