Strange Routing Issue

razorhazor

Not sure whats going on here but I have the following setup:

WAN (ADSL Provider 1)                  OPT1 (ADSL Provider 2)
  \                                                                  /
  –----------------------------------------------
                                  PFSense (192.168.3.1)
                                            |
                                        Switch
                                            |
                              PC 1              PC2

The Load Balancing multi-WAN setup is fine, both show online, however I loose internet access on PC 1 (including ping'ing everything apart from 192.168.3.1), but will have access fine on PC2, then after a while it will swap round!?

I have the following firewall rules:

LAN:
Proto  Source  Port  Destination  Port  Gateway  Schedule  Description

• • • • • balancedLAN   Default LAN -> internet

WAN:
TCP/UDP  *  *  192.168.3.2  16889  *      NAT   
TCP/UDP * * 192.168.3.3 16888 *   NAT

OPT1:
TCP/UDP  *  *  192.168.3.2  16889  *      NAT   
TCP/UDP * * 192.168.3.3 16888 *   NAT

The firewall logs dont seem to fill up with any blocked traffic from these 2 IP's.

It doesnt seem to make sense to me!

Any help would be greatly appreciated!

Matt

Perry

Did you tick sticky connections?

razorhazor

@Perry:

Did you tick sticky connections?

Yes I did, to try and get round issues with Online Banking websites etc monitoring the IP address and logging me out when the load balancer uses the 2nd connection.

Is there a known issue?

Cheers
Matt

Perry

yes http://forum.pfsense.org/index.php/topic,8957.0.html

hoba

To get issues with online banking solved just create a rule for https traffic that will use a failover pool instead of balancing. These applications won't cause much load so it's no problem to have them only at one wan and they will still be available if one of the wans go down this way. At my setups I have a portsalias and a hostsalias for such ports and destinations that don't work with loadbalancing. It's easy to just add ports or IPs later this way.

razorhazor

@hoba:

To get issues with online banking solved just create a rule for https traffic that will use a failover pool instead of balancing. These applications won't cause much load so it's no problem to have them only at one wan and they will still be available if one of the wans go down this way. At my setups I have a portsalias and a hostsalias for such ports and destinations that don't work with loadbalancing. It's easy to just add ports or IPs later this way.

Excellent advice, thanks for that, works perfectly now…