Multi WAN routing not working (and therefore gateway monitoring wrong as well)



  • Hi

    We’re struggling with the Gateway Monitoring on a Dual WAN config. While the WAN1 works like a charm, the WAN2-Monitor IP is falsely marked as down.

    I’m not sure I understand the problem exactly, but would love to get some input for troubleshooting. We’re having a situation like this:

    WAN1(re1): fixed public IP/Cable uplink, -> Monitor IP 8.8.8.8
    WAN2(re2): dynamic private IP/DSL router, -> Monitor IP 8.8.4.4

    Routing table looks like this:

    
    [2.1.5-RELEASE][root@pfsense]/root(37): netstat -rn
    Routing tables
    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    # -> default gateways and monitoring routes, 8.8.4.4 goes through the DSL link!
    default            xx.xxx.xx.253      UGS         0 32537086    re1
    8.8.4.4            192.168.1.1        UGHS        0       76    re2
    8.8.8.8            xx.xxx.xx.253      UGHS        0   241457    re1
    
    # -> WAN1 routing via cable
    xx.xxx.xx.252/30   link#2             U           0        0    re1
    xx.xxx.xx.254      link#2             UHS         0    13084    lo0
    
    # -> WAN2 routing through DSL/NAT
    192.168.1.0/24     link#3             U           0      282    re2
    192.168.1.2        link#3             UHS         0        0    lo0
    
    # -> LAN and private network routes 
    192.168.yyy.0/24   link#1             U           0 35858896    re0
    192.168.yyy.1      link#1             UHS         0   482824    lo0
    …
    
    

    AFAIK all perfect and wonderful, and WAN1 just works like a charm

    
    [2.1.5-RELEASE][root@pfsense]/root(40): ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=9.119 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    
    

    but WAN2 just wouldn’t move one ping along!

    
    [2.1.5-RELEASE][root@pfsense]/root(38): ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1): 56 data bytes
    ^C
    --- 192.168.1.1 ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    [2.1.5-RELEASE][root@pfsense]/root(39): ping 8.8.4.4
    
    PING 8.8.4.4 (8.8.4.4): 56 data bytes
    ^C
    --- 8.8.4.4 ping statistics ---
    4 packets transmitted, 0 packets received, 100.0% packet loss
    
    

    Any idea what is going on? Manually hooking myself into the 192.168.1.0 network also works, it’s definitely not the DSL-plastic-router. Rebooting did not help, 192.168.1.1 is correctly in the ARP, dedicated cabling, disabling monitoring just leads to a bogus ‘up’ state, and unfortunately the installation is live and I have no clue if failover would actually work.

    Any ideas what could be going on? I refuse to say that FreeBSD’s routing is broken!

    (upgrading not possible due to broken postfix package in 2.2.1)



  • I have the same sort of topology - primary WAN with a real public IP, secondary WAN that goes through double-NAT with a little private subnet on WAN2, and it works fine.
    Yours should "just work".
    Maybe try a traceroute - that might reveal that the ping/echo is going out somewhere unexpected, then you can think about what setting/rule would be causing it.



  • Do not use gateway monitor with DSL... it affects load balancing as well as the problems you are facing…

