Multi WAN routing not working (and therefore gateway monitoring wrong as well)

maldex

Hi

We’re struggeling with the Gateway Monitoring on a Dual WAN config. While the WAN1 works like a charm, the WAN2-Monitor IP is falsely marked as down.

I’m not sure I understand the problem exactely, but would love to get some inputs for troubleshooting. We’re having a situation like this:

WAN1(re1): fixed public IP/Cable uplink, -> Monitor IP 8.8.8.8
WAN2(re2): dynmic private IP/DSL router, -> Monitor IP 8.8.4.4

Routing table looks like this:

[2.1.5-RELEASE][root@pfsense]/root(37): netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
# -> default gateways and monitoring routes, 8.8.4.4 goes trough the DSL link!
default            xx.xxx.xx.253      UGS         0 32537086    re1
8.8.4.4            192.168.1.1        UGHS        0       76    re2
8.8.8.8            xx.xxx.xx.253      UGHS        0   241457    re1

# -> WAN1 routing via cable
xx.xxx.xx.252/30   link#2             U           0        0    re1
xx.xxx.xx.254      link#2             UHS         0    13084    lo0

# -> WAN2 routing through DSL/NAT
192.168.1.0/24     link#3             U           0      282    re2
192.168.1.2        link#3             UHS         0        0    lo0

# -> LAN and private network routes 
192.168.yyy.0/24   link#1             U           0 35858896    re0
192.168.yyy.1      link#1             UHS         0   482824    lo0
…

AFAIK all perfect and wonderful, and WAN1 just works like a charm

[2.1.5-RELEASE][root@pfsense]/root(40): ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=9.119 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss

but WAN2 just wouldn’t move one ping along!

[2.1.5-RELEASE][root@pfsense]/root(38): ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
[2.1.5-RELEASE][root@pfsense]/root(39): ping 8.8.4.4

PING 8.8.4.4 (8.8.4.4): 56 data bytes
^C
--- 8.8.4.4 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

Any idea what is going on? Manually hooking myself into the 192.168.1.0 network also works, it’s definitely not the DSL-plastik-router. Rebooting did not help, 192.168.1.1 is correclty in the ARP, dedicated cabeling, disabling monitoring just leads wo a bogus ‘up’ state, and unfortunately the installation is life and I have no clue if failover would actually work.

Any ideas what could be going on? I refuse to say that FreeBSD’s routing is broken!

(upgrading not possible due to broken postfix package in 2.2.1)

phil.davis

I have the same sort of topology - primary WAN with a real public IP, secondary WAN that goes through double-NAT with a little private subnet on WAN2, and it works fine.
Yours should "just work".
Maybe try a traceroute - that might reveal that the ping/echo is going out somewhere unexpected, then you think what setting/rule would be causing it.

thesankha

Do not use gateway monitor with dsl.. it affects loadbalance as well as problems you are facing….