
Forcing one host to use secondary WAN connection - cannot make it work for my life.

Hi All,

Hopefully someone could help :)

I have got a second WAN connection, which normally sits as a standby spare. But I decided to actually use it for some traffic. To test it first I decided to route my internet radio (standalone box) through it. And whatever I do (I am on 9.353 home license) it just does not work. Is there a known bug in this firmware, I beg to ask?

If not, then I tried all possible things I could think of / could find on the forum. Typically I would set both WANs to active, set the first to 100 and the second to 0 to force all traffic by default through the main WAN. Then I would create a multipath rule to push traffic from the radio (device -> any -> WAN2) through WAN2. And it does not happen. WAN2 on the dashboard stays at 0 / 0 kbps and checking the main connection I can see that the shoutcast service continues on the main WAN. I also set a short persistence to see the effect faster (1 minute) and also restarted the device to force the rule. Nothing.

So I tried that rule on my PC (myPC -> any -> WAN2) and see exactly the same behavior. I get the main WAN IP address when checked in the browser. WAN2 stays with 0 traffic on it.

I also tried to masquerade (map) that device in question to WAN2 but no difference either. Is this actually needed by the way?

Just to clarify, if I set weights to 50/50 or 100/100 or anything similar then it seems to split the overall traffic between both WANs. But I cannot get just one device to exit through the chosen one.

It worries me that when I want to get a server to be visible outside under specific IP (WAN2 IP) I will not be able to make it work?

Please kindly share your experience.

Thanks!

  • Hi, and welcome to the UTM Community!

    If you want to publish a web server on either WAN connection, just have public DNS point at that connection - return traffic will leave from the same connection.

    Do you have a masq rule like 'Internal (Network) -> WAN2'?  If that wasn't it, try #1 in Rulz.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson,

    I agree with what you said about incoming traffic but that's not what I am trying to achieve. Sometimes the other side requires a static IP here to be allowed in = the server has to go out through a specific connection.

    Point is that the main connection (fibre, very fast) does not have a static IP. I use dyndns but this is often not enough for certain things. Some services will let me connect to them only if my traffic comes from a known IP address. Therefore I have a second connection with a static IP but slow.

    In masq I have all masked to WAN1 (Internal -> WAN1) as this is the main connection. Is this correct in my case?
  • Correction: my masq rule actually maps Internal to Uplink Interfaces (and they correctly list both WANs).
  • John,

    You're going to need to create a masq rule at the top of the priority list that says that host is specifically tied to WAN2. Once you do that you'll need to make sure your firewall rules are in place that allow traffic out of WAN2 and that you have the associated routing in place for a gateway out of WAN2. If you disable WAN1 (as a test) do you get traffic over WAN2?
  • Terry,

    Thanks for your input. I believe I tried that (mapping that particular host to WAN2) but I surely can try again. So what you are saying is I should have masqs like this:
    host -> any -> WAN2
    internal -> any -> Uplink Interfaces

    or would I be better off splitting the second entry into:

    internal -> any -> WAN1
    internal -> any -> WAN2

    ?

    And yes, I can route common traffic through WAN2. If I disable WAN1 then all goes through WAN2. If in uplink balancing I set the weight on WAN2 to anything more than 0 then I also get some traffic going through it. It is just forcing one host to use WAN2 where I seem to struggle.
  • I would say:
    host -> any -> WAN2
    internal -> any -> Uplink Interfaces

    That way it is a priority list based on your uplink balancing weight values.

    Then make sure you have full NAT for internal connections from WAN2 to that host.

    I think that should take care of it since your uplink balancing weights are working otherwise meaning your firewall rules *should* be good.
  • Right, so this is exactly what I have now and the traffic from the host continues to leave the setup through WAN1. That's why I am a bit perplexed.
    Please don't understand me wrong. There are workarounds and things I can do to live with it, but I am a stubborn person and like to make things work as they should (quite a principle here ;P) and therefore could someone with 9.353 and second WAN connection try to do the same and get us some feedback on it? I just wonder if this is just a bug and it should work with the settings we mentioned in the thread.

    Thanks a lot for all for helping here.
  • Hi, Terry, and welcome to the UTM Community!

    If a list in WebAdmin is not numbered, then the order doesn't matter. That's why a separate masq rule for a single device wouldn't work if the IP address were the problem. 'Internal (Network) -> Uplink Interfaces' is all that's needed.

    With Uplink Balancing active, a Multipath rule that binds 'host -> Any -> Internet' to WAN2 is the preferred solution to select the WAN connection to be used.

    Cheers - Bob
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    Thank you for the correction, I completely forgot that the masq rules are not in a preference order. But John, that's correct, the Multipath rule is the solution from here.