On Wed, Feb 9, 2011 at 11:50 AM, Mark Wiater <[email protected]> wrote: > Good day everyone, > > I was hoping to open or reopen a discussion about how pfSense reacts to a > gateway failure in a multiwan configuration. I think there was an attempt to > address this in http://redmine.pfsense.org/issues/880. > > I use both 1.2 and 2.0. > > I'm an advocate for changing the default route to a valid wan interface in > the event that the interface holding the default route fails monitoring. > > I work with a couple of other firewall brands, coincidentally also Freebsd > based, that do support default route changes based on reachability and it > works very very well. Users don't even know what's happened. And isn't that > the point of having multiwan (at least one of the points). > > So... In the issue, Ermal indicates that it's taken care of in 2.0 in another > way. I think I missed what that other way is. Because if the interface that > holds my default route goes down, lots of traffic doesn't end up hitting the > internet unless it sources from an internal network and I've got a policy > route in pf. >
It will be taken care from pf(4) policy route. In pfSense there are enhancement in the kernel to support that. > Is a dynamic default route change out of the question? What is the other way > to affect the same behavior in 2.0? Not that its out of the question but the ways things work right now its not the best option and the pf(4) fix works quite ok. On 2.0 you can run even without a default gateway from what i have tested. Though for later releases this might be revisited but its low priority for now. > > Thanks > > Mark > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > -- Ermal --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
