On Wed, Feb 9, 2011 at 3:29 PM, Mark Wiater <mark.wia...@greybeam.com> wrote: > On 2/9/2011 9:12 AM, Ermal Luçi said: >> On Wed, Feb 9, 2011 at 11:50 AM, Mark Wiater <mark.wia...@greybeam.com> >> wrote: > >> So... In the issue, Ermal indicates that it's taken care of in 2.0 in >> another way. I think I missed what that other way is. Because if the >> interface that holds my default route goes down, lots of traffic doesn't end >> up hitting the internet unless it sources from an internal network and I've >> got a policy route in pf. >> >> It will be taken care from pf(4) policy route. In pfSense there are >> enhancement in the kernel to support that. > When my WAN interface, the default route goes down, things like squid and > dnsmasq stop working for me, and I have multiple DNS entries in the general > setup using the different gateways. > >>> Is a dynamic default route change out of the question? What is the other >>> way to affect the same behavior in 2.0? >> Not that its out of the question but the ways things work right now >> its not the best option and the pf(4) fix works quite ok. >> On 2.0 you can run even without a default gateway from what i have tested. > In my experience, there are things that don't work from the firewall itself > and that can cause somewhat significant problems. How does dns forwarder > traffic or squid traffic know where to go if the default route is not > functioning? Is there a configuration in pf that I'm missing? > > It sounds like I'm missing some fundamental configuration concept to make it > work as well and as reliably as you have. I thought I looked everywhere for > the right way to configure multiwan but maybe I've missed it? Got any > pointers?
Please upgrade to a snapshot from 9th of February and up and just test it again. You would only need a gateway pool on the floating rules + AON to make that work. But please lets continue this on the forum. >> Though for later releases this might be revisited but its low priority for >> now. > > Thanks Ermal > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Ermal --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org