Netgate Discussion Forum

    On WAN2 can't ping outside from pfsense itself. But LAN can reach "internet"

    • grumling

      Hi,

      Seems that I have an issue when WAN1 (primary) goes down.

      If I connect via SSH to the pfsense I can't ping outside addresses like 8.8.8.8.
      But if I reconnect the WAN1 I can ping 8.8.8.8 from pfsense.

      The LAN is not affected by this problem, all the hosts can access anything like normal.

      When WAN1 is disconnected and we are running on WAN2

      
      [2.2.6-RELEASE][admin@xxxx]/home/admin: ping 8.8.8.8
      PING 8.8.8.8 (8.8.8.8): 56 data bytes
      ^C
      --- 8.8.8.8 ping statistics ---
      15 packets transmitted, 0 packets received, 100.0% packet loss
      
      

      When WAN1 is up I get this

      
      [2.2.6-RELEASE][admin@xxxx]/home/admin: ping 8.8.8.8
      PING 8.8.8.8 (8.8.8.8): 56 data bytes
      64 bytes from 8.8.8.8: icmp_seq=0 ttl=45 time=36.921 ms
      64 bytes from 8.8.8.8: icmp_seq=1 ttl=45 time=38.392 ms
      64 bytes from 8.8.8.8: icmp_seq=2 ttl=45 time=44.726 ms
      ^C
      --- 8.8.8.8 ping statistics ---
      3 packets transmitted, 3 packets received, 0.0% packet loss
      round-trip min/avg/max/stddev = 36.921/40.013/44.726/3.386 ms
      
      

      So what can make the LAN work flawlessly but the pfsense itself have problems?

      This problem makes it impossible to remote manage the pfsense.
      I can see in the firewall logs that my remote connection shows up as PASSED on the WAN2 interface if I try HTTPS to the pfsense. But from the remote client it shows a connection timeout in the browser. So it feels like a routing issue from the pfsense itself.

      I notice that under Gateways, the gateway for WAN1 has (Default) next to it, even though I did not check the Default checkbox during the creation of the Gateway.

      • grumling

        From Diagnostics > Ping, if I choose interface WAN2 I can ping, and from LAN, but not from localhost. But when WAN1 is connected, localhost also works.

        • l4k3k3m4n

          I guess for your LAN you have a gateway failover group attached to the firewall rules so you use WAN2 when WAN1 is down.

          The pfsense itself will always use the default gateway.
          You need to apply default gateway switching if you want this behavior.

          • grumling

            Thank you l4k3k3m4n. I think this will fix it. Will enable it from System -> Advanced -> Miscellaneous -> Load Balancing. It was unchecked. Will mark as solved after I have verified that it works.

            Thanks again

            • grumling

              Worked perfectly. Thanks again  :D
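
The behaviour l4k3k3m4n describes (LAN traffic follows the failover gateway group, the firewall's own traffic follows the default route) can be confirmed from the routing table. The check below is an added example, not code from the thread or from Netgate; the addresses, the gateway names, the "name address status" list format and the helper names `default_gw` and `diagnose` are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of `netstat -rn -f inet` on a dual-WAN
# firewall while WAN1 is unplugged (documentation address ranges only).
ROUTES_WAN1_DOWN='Destination        Gateway            Flags      Netif Expire
default            192.0.2.1          UGS         em0
192.0.2.0/24       link#1             U           em0
198.51.100.0/24    link#2             U           em1
10.0.0.0/24        link#3             U           em2'

# Constructed gateway status list, one "name address status" entry per line.
GATEWAYS_WAN1_DOWN='WAN1GW 192.0.2.1 down
WAN2GW 198.51.100.1 up'

# Print the gateway of the default route from a routing table on stdin.
default_gw() {
    awk '$1 == "default" { print $2; exit }'
}

# diagnose ROUTES GATEWAYS
# Prints a verdict and returns:
#   0  default route uses a gateway that is up
#   1  no default route at all
#   2  default route still uses a down gateway although another one is up
#      (the situation in this thread: LAN works, the firewall itself does not)
#   3  every gateway is down
diagnose() {
    gw=$(printf '%s\n' "$1" | default_gw)
    [ -n "$gw" ] || { echo "no-default"; return 1; }
    # Status of the gateway the default route points at.
    status=$(printf '%s\n' "$2" | awk -v g="$gw" '$2 == g { print $3; exit }')
    # First gateway that is currently up, if any.
    up=$(printf '%s\n' "$2" | awk '$3 == "up" { print $1; exit }')
    if [ "$status" = "up" ]; then
        echo "ok via $gw"; return 0
    fi
    if [ -n "$up" ]; then
        echo "stale-default via $gw; $up is up"; return 2
    fi
    echo "all-down"; return 3
}

# Stand-alone run on the constructed sample.
diagnose "$ROUTES_WAN1_DOWN" "$GATEWAYS_WAN1_DOWN" || true
```

On a live firewall the first argument can be taken from `netstat -rn -f inet`; a verdict of `stale-default` during a WAN1 outage means locally originated traffic, including the firewall's own pings, is still being sent to the dead gateway.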