Setting the same tier for 2 gateways in a groups leads to connection loss

  • Hello,
    I have a very strange problem and I'm all out of ideas on what might be wrong.

    The group setup I want looks like this:

    But this leads to the loss of connectivity for most users. It seems that already established connections are fine (e.g. streams continue to run), but new connections don't work. Everything works fine if I use Tier 1 and Tier 2 for the fiber gateways:

    I had this setup running before and than realized that I was doing double NAT. After I deactivated NAT on the pfsense this problem appears. So my guess is, that is has something to do with outbound nat and the loadbalancing. But I can't figure it out.

    My outbound NAT settings:

    I do need double NAT on the cable connection because I can't set a static route on the cheap modem.

    Any ideas? Do you need more information? I'm happy to provide anything that might help to figure this out.

  • Switch the NAT back to automatic, nothing you're doing there requires manual. You can't disable NAT because you can't add a route back on your cable modem.

  • I can disable it on the fiber channels and routing over either one works fine. Only the loadbalancing leads to problems.

  • LAYER 8 Netgate

    Fine. Don't listen. You have no NAT for anything other than the cable modem. Not sure how anything is working except that.

    Good luck.

  • I'm doing NAT on my fiber modems just not on the pfsense? Whats wrong with that?

  • LAYER 8 Netgate

    That should be fine.  Does it work if you make 29 Tier 1 and 35 Tier 2?  If not I'd double check the routes on 29GW.

  • It also works fine if I set the P29 tier 1 and P35 tier 2. The problem only exists if then are both in the same tier.

  • show the interface config all wan interfaces.

    also if you don't nat on pfsense … have you added routes for your subnets_behind_pfsense to your modems ?

  • Hi,
    the pfsense is the default gateway for all the subnets. All clients have that setting.

    FiberP35 Gateway:

    FiberP29 Gateway

Log in to reply