What could be blocking all OPT1



  • WAN - WAN_CABLE (comcast)
    OPT1 - WAN_DSL (speakeasy > megapath > global capacity, 8 IPs defined as virtuals, one is also the ip of the interface)

    pfsense 2.2.4

    History - long time user of pfsense; so far it has just worked.  About a month ago I upgraded from 1.x something to the latest, 2.2.4.  It seemed to take the upgrade well but was having some issues with the WAN_CABLE.  Set up an external Icinga to just ping my IPs, and the WAN_CABLE IP.  Setting up ping/icmp was tedious but seemed to work.

    At some point things got so confusing I decided to start from scratch and reset everything to "factory" and hand updated everything.

    WAN_CABLE is working for my outbound and I can access one website I use with dynamic DNS for speed.

    Now, no matter what I do, I cannot get the WAN_DSL to pass any traffic.  I can see the blocked traffic in the firewall log and I have clicked the link to pass the pings (icmp) or port 80 for web site access (and manually I've done the same) but still no joy.  It's as if none of the NAT or firewall rules have any effect.  I see only blocked by default rule.

    I believe there's some setting that I've overlooked that will open the floodgates…

    Any tips appreciated.

    Thanks,
    Chris.

    (this is a home system, so I'm only tinkering with this from 8-12 California evenings)



  • BTW, my ultimate goal would be to set up failover so that the 2 WAN connections can failover to the other in a failure, but first things first.  I think I should just make sure both WAN connections are working before trying to add the complexity of multi-wan setup.

    Thanks,
    Chris.



  • I don't know if you've gone through this or not but it may help you:

    https://doc.pfsense.org/index.php/Multi-WAN



  • Yes.  I have seen that. Thanks.

    For now, I think it's best to first confirm that the WAN_DSL works.  Then I'll go back to the page you've referenced.

    Thank you,
    Chris.



  • So I checked with my provider that there is a solid DSL signal to my modem (stock broadxent).  The DSL light is on.

    However, he could not ping my WAN_DSL either.  There is no internet traffic.

    I can see the blocking of my WAN_DSL traffic in the firewall logs so I think there is no hardware issue.



  • However, he could not ping my WAN_DSL either.

    That would require a rule that allows ICMP on WAN.

    I've never used pfSense in a multi-WAN config so I can't offer any other suggestions.



  • @KOM:

    However, he could not ping my WAN_DSL either.

    That would require a rule that allows ICMP on WAN.

    I've never used pfSense in a multi-WAN config so I can't offer any other suggestions.

    What is your subnet mask for your DSL ip range?



  • What is your subnet mask for your DSL ip range?

    Ah! An excellent question.

    I had the default value of /32 configured for the WAN_DSL.  Every time I edited the Gateway page for the WAN_DSL, it threw an error saying that the .1 was not in the range.  The gateway was defined in the WAN_DSL Interface page (accepted it without error).  Then I was looking at dhcp for the WAN_DSL (not enabled) but it showed a really short range.

    I switched the subnet mask for the WAN_DSL interface to /24 and the gateway came back to online.

    Small piece of the puzzle fixed.

    Sadly it did not resolve the problem of the complete blocking of all traffic on the WAN_DSL.  Before redoing this from scratch, I had it working and I've done something, or missed something that will probably open this up.

    Thanks for your help.

