Multi WAN routing not working (and therefore gateway monitoring wrong as well)

    We’re struggeling with the Gateway Monitoring on a Dual WAN config. While the WAN1 works like a charm, the WAN2-Monitor IP is falsely marked as down.

    I’m not sure I understand the problem exactely, but would love to get some inputs for troubleshooting. We’re having a situation like this:

    WAN1(re1): fixed public IP/Cable uplink, -> Monitor IP
    WAN2(re2): dynmic private IP/DSL router, -> Monitor IP

    Routing table looks like this:

    [2.1.5-RELEASE][root@pfsense]/root(37): netstat -rn
    Routing tables
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    # -> default gateways and monitoring routes, goes trough the DSL link!
    default        UGS         0 32537086    re1          UGHS        0       76    re2        UGHS        0   241457    re1
    # -> WAN1 routing via cable   link#2             U           0        0    re1      link#2             UHS         0    13084    lo0
    # -> WAN2 routing through DSL/NAT     link#3             U           0      282    re2        link#3             UHS         0        0    lo0
    # -> LAN and private network routes 
    192.168.yyy.0/24   link#1             U           0 35858896    re0
    192.168.yyy.1      link#1             UHS         0   482824    lo0

    AFAIK all perfect and wonderful, and WAN1 just works like a charm

    [2.1.5-RELEASE][root@pfsense]/root(40): ping
    PING ( 56 data bytes
    64 bytes from icmp_seq=2 ttl=58 time=9.119 ms
    --- ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss

    but WAN2 just wouldn’t move one ping along!

    [2.1.5-RELEASE][root@pfsense]/root(38): ping
    PING ( 56 data bytes
    --- ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    [2.1.5-RELEASE][root@pfsense]/root(39): ping
    PING ( 56 data bytes
    --- ping statistics ---
    4 packets transmitted, 0 packets received, 100.0% packet loss

    Any idea what is going on? Manually hooking myself into the network also works, it’s definitely not the DSL-plastik-router. Rebooting did not help, is correclty in the ARP, dedicated cabeling, disabling monitoring just leads wo a bogus ‘up’ state, and unfortunately the installation is life and I have no clue if failover would actually work.

    Any ideas what could be going on? I refuse to say that FreeBSD’s routing is broken!

    (upgrading not possible due to broken postfix package in 2.2.1)

  • I have the same sort of topology - primary WAN with a real public IP, secondary WAN that goes through double-NAT with a little private subnet on WAN2, and it works fine.
    Yours should "just work".
    Maybe try a traceroute - that might reveal that the ping/echo is going out somewhere unexpected, then you think what setting/rule would be causing it.

  • Do not use gateway monitor with dsl.. it affects loadbalance as well as problems you are facing….

