    Setting the same tier for 2 gateways in a group leads to connection loss

      frooop last edited by

      Hello,
      I have a very strange problem and I'm all out of ideas on what might be wrong.

      The group setup I want looks like this:

      But this leads to the loss of connectivity for most users. It seems that already established connections are fine (e.g. streams continue to run), but new connections don't work. Everything works fine if I use Tier 1 and Tier 2 for the fiber gateways:

      I had this setup running before and then realized that I was doing double NAT. After I deactivated NAT on the pfsense, this problem appeared. So my guess is that it has something to do with outbound NAT and the load balancing. But I can't figure it out.

      My outbound NAT settings:

      I do need double NAT on the cable connection because I can't set a static route on the cheap modem.

      Any ideas? Do you need more information? I'm happy to provide anything that might help to figure this out.

        cmb last edited by

        Switch the NAT back to automatic, nothing you're doing there requires manual. You can't disable NAT because you can't add a route back on your cable modem.

          frooop last edited by

          I can disable it on the fiber channels and routing over either one works fine. Only the load balancing leads to problems.

            Derelict LAYER 8 Netgate last edited by

            Fine. Don't listen. You have no NAT for anything other than the cable modem. Not sure how anything is working except that.

            Good luck.

              frooop last edited by

              I'm doing NAT on my fiber modems, just not on the pfsense? What's wrong with that?

                Derelict LAYER 8 Netgate last edited by

                That should be fine. Does it work if you make 29 Tier 1 and 35 Tier 2? If not I'd double check the routes on 29GW.

                  frooop last edited by

                  It also works fine if I set the P29 tier 1 and P35 tier 2. The problem only exists if they are both in the same tier.

                    heper last edited by

                    Show the interface config of all WAN interfaces.

                    Also, if you don't NAT on pfsense … have you added routes for your subnets_behind_pfsense to your modems?

                      frooop last edited by

                      Hi,
                      the pfsense is the default gateway for all the subnets. All clients have that setting.

                      FiberP35 Gateway:

                      FiberP29 Gateway
