I have a 2 WAN setup, both interfaces are Ethernet hand-offs from 2 different ISPs. Both WANs have static IPs. I have a LAN and a HotLAN on two separate interfaces, in case anyone cares. I'm also using Squid and Dansguardian on this box.
When my primary connection goes offline, I change the weight to prefer the secondary, or I set up a rule to push DNS traffic out the secondary... no DNS responses are received. I'm using one internal DNS server and two external, both defined in ClearOS.
I've run a tcpdump on the secondary WAN interface restricted to only displaying UDP DNS traffic, and it shows packets leaving the secondary interface with the IP address from the primary interface. ??? Seems like NAT isn't working correctly, and is possibly why these failovers aren't working at all. Thoughts?
Responses (6)

Accepted Answer
So... 1-to-1 NAT is pretty evil in its implementation in Clear. I was only using it to port forward a common port from two different WAN IPs to two different LAN IPs. This mucks with outbound NAT as well, however. Ick, yuck, phooey.
I deleted the 1-to-1 NAT rules and replaced them with Custom iptables rules, and Multiwan failover works now. It shouldn't be necessary to have to go to Custom rules to do simple port forwards. We really need a drop-down menu or pickbox so we can specify one or all WAN IP addresses in the port forward interface.
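The post above says the 1-to-1 NAT rules were swapped for custom iptables rules but does not list them. The following is an added example, not from the thread and not ClearOS's own rule set, of the two pieces that matter here: per-WAN port forwards done with plain DNAT (no 1-to-1 address mapping, so outbound NAT is untouched) and outbound SNAT selected by the egress interface, so a packet routed out the secondary WAN carries the secondary WAN's address. It also prints the tcpdump filter used to confirm that. Interface names (eth0, eth1), the 203.0.113.x / 198.51.100.x / 192.168.1.x addresses and the forwarded port are assumptions chosen for illustration; the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the original thread or from ClearOS.
# Assumed topology (all names and addresses are illustrative):
#   WAN1 = eth0, static IP 203.0.113.10 (ISP 1, primary)
#   WAN2 = eth1, static IP 198.51.100.20 (ISP 2, secondary)
#   LAN  = 192.168.1.0/24, with servers 192.168.1.10 and 192.168.1.11
# Goal: forward TCP/443 arriving on each WAN IP to a different LAN host
# (what the poster used 1-to-1 NAT for) using DNAT in PREROUTING only,
# and keep outbound source NAT tied to the interface a packet actually leaves on.
WAN1_IF=eth0; WAN1_IP=203.0.113.10
WAN2_IF=eth1; WAN2_IP=198.51.100.20
LAN_NET=192.168.1.0/24

# Print the rules instead of applying them, so the set can be reviewed
# (and checked) before it is pasted into a custom-rules file.
multiwan_rules() {
    # Inbound: DNAT keyed on the specific WAN interface, address and port.
    # No 1-to-1 mapping, so nothing here rewrites outbound source addresses.
    echo "iptables -t nat -A PREROUTING -i $WAN1_IF -d $WAN1_IP -p tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443"
    echo "iptables -t nat -A PREROUTING -i $WAN2_IF -d $WAN2_IP -p tcp --dport 443 -j DNAT --to-destination 192.168.1.11:443"
    # Let the forwarded connections through the FORWARD chain.
    echo "iptables -A FORWARD -i $WAN1_IF -d 192.168.1.10 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN2_IF -d 192.168.1.11 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT"
    # Outbound: SNAT chosen by egress interface (-o), so a flow that the
    # multi-WAN routing sends out WAN2 is stamped with WAN2's address,
    # never WAN1's.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN1_IF -j SNAT --to-source $WAN1_IP"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN2_IF -j SNAT --to-source $WAN2_IP"
}

# The check the poster ran, narrowed to UDP/53 leaving the secondary WAN.
# With the rules above in place, every outbound query on this interface
# should show $WAN2_IP as its source address.
capture_cmd() {
    echo "tcpdump -ni $WAN2_IF udp port 53"
}

multiwan_rules
capture_cmd
```

Existing conntrack entries keep the NAT mapping they were created with, so after changing the rules either wait for old DNS flows to expire or flush the table before re-running the capture, otherwise a stale entry can still show the primary address on the secondary interface.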
Accepted Answer
The potential issues you cite are not the problem. For one, the internal DNS server I run does root lookups just fine over either circuit. The external DNS servers are both operated by me as well, and are accessible over either circuit.
The problem is pretty clear: the traffic going out the secondary interface has the primary interface's IP address listed as the source IP. Anyone know why that is?
Accepted Answer
Are you using your ISP's DNS servers? This can cause problems in a MultiWAN environment. Many ISPs only allow DNS lookups from inside their network. This means that if you use ISP1's DNS servers and your connection to ISP1 goes down, you will continue to use ISP1's servers, but the traffic will be routed via ISP2. Because the traffic is seen to come from an external network, ISP1's DNS servers will not respond. The easiest way round this is to use public DNS servers rather than your ISP's. Typical public ones are OpenDNS (208.67.222.222 and 208.67.220.220) and Google DNS (8.8.8.8 and 8.8.4.4), but there are quite a few others, e.g. here.