Multi WAN routing not working (and therefore gateway monitoring wrong as well)
-
Hi
We’re struggeling with the Gateway Monitoring on a Dual WAN config. While the WAN1 works like a charm, the WAN2-Monitor IP is falsely marked as down.
I’m not sure I understand the problem exactely, but would love to get some inputs for troubleshooting. We’re having a situation like this:
WAN1(re1): fixed public IP/Cable uplink, -> Monitor IP 8.8.8.8
WAN2(re2): dynmic private IP/DSL router, -> Monitor IP 8.8.4.4Routing table looks like this:
[2.1.5-RELEASE][root@pfsense]/root(37): netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire # -> default gateways and monitoring routes, 8.8.4.4 goes trough the DSL link! default xx.xxx.xx.253 UGS 0 32537086 re1 8.8.4.4 192.168.1.1 UGHS 0 76 re2 8.8.8.8 xx.xxx.xx.253 UGHS 0 241457 re1 # -> WAN1 routing via cable xx.xxx.xx.252/30 link#2 U 0 0 re1 xx.xxx.xx.254 link#2 UHS 0 13084 lo0 # -> WAN2 routing through DSL/NAT 192.168.1.0/24 link#3 U 0 282 re2 192.168.1.2 link#3 UHS 0 0 lo0 # -> LAN and private network routes 192.168.yyy.0/24 link#1 U 0 35858896 re0 192.168.yyy.1 link#1 UHS 0 482824 lo0 …AFAIK all perfect and wonderful, and WAN1 just works like a charm
[2.1.5-RELEASE][root@pfsense]/root(40): ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=9.119 ms ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet lossbut WAN2 just wouldn’t move one ping along!
[2.1.5-RELEASE][root@pfsense]/root(38): ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes ^C --- 192.168.1.1 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss [2.1.5-RELEASE][root@pfsense]/root(39): ping 8.8.4.4 PING 8.8.4.4 (8.8.4.4): 56 data bytes ^C --- 8.8.4.4 ping statistics --- 4 packets transmitted, 0 packets received, 100.0% packet lossAny idea what is going on? Manually hooking myself into the 192.168.1.0 network also works, it’s definitely not the DSL-plastik-router. Rebooting did not help, 192.168.1.1 is correclty in the ARP, dedicated cabeling, disabling monitoring just leads wo a bogus ‘up’ state, and unfortunately the installation is life and I have no clue if failover would actually work.
Any ideas what could be going on? I refuse to say that FreeBSD’s routing is broken!
(upgrading not possible due to broken postfix package in 2.2.1)
-
I have the same sort of topology - primary WAN with a real public IP, secondary WAN that goes through double-NAT with a little private subnet on WAN2, and it works fine.
Yours should "just work".
Maybe try a traceroute - that might reveal that the ping/echo is going out somewhere unexpected, then you think what setting/rule would be causing it. -
Do not use gateway monitor with dsl.. it affects loadbalance as well as problems you are facing….