Hello everyone, I have a problem trying to set up the following configuration (EdgeRouter Pro, 1.9.0):
- I used the "Load Balancing" wizard to set up a basic failover scenario:
eth0-192.168.1.1 (LAN) ---> eth6-1.1.1.2 (primary WAN)
---> eth7-2.2.2.2 (secondary WAN, failover only)
- All works fine.
- If I remove the NAT masquerade configuration that the wizard set up for both WAN interfaces, I can no longer ping a DNS name from the EdgeRouter (ping google.it, for example).
- I can, however, ping an IP address (ping 8.8.8.8).
- Troubleshooting with a packet capture shows that during the DNS request the EdgeRouter sends some DNS queries with source address 1.1.1.2 out eth7 and some DNS queries with source address 2.2.2.2 out eth6.
- This strange behaviour causes asymmetric routing for the DNS flows.
This is the traffic exiting eth6 (IP address 1.1.1.2):
IP 2.2.2.2.46049 > 8.8.8.8.53: 6213+ A? google.it. (27)
IP 2.2.2.2.48326 > 8.8.8.8.53: 51778+ A? ping.ubnt.com. (31)
This is the traffic exiting eth7 (IP address 2.2.2.2):
IP 1.1.1.2.35327 > 8.8.8.8.53: 15853+ A? ping.ubnt.com. (31)
IP 1.1.1.2.50428 > 8.8.8.8.53: 32648+ A? google.it. (27)
Am I missing something?
Below is my simple config without masquerade:
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall group
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians disable
set firewall modify balance rule 100 action modify
set firewall modify balance rule 100 modify lb-group G
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address 192.168.1.1/24
set interfaces ethernet eth0 description Local
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in modify balance
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces ethernet eth5 duplex auto
set interfaces ethernet eth5 speed auto
set interfaces ethernet eth6 address 1.1.1.2/24
set interfaces ethernet eth6 description WAN
set interfaces ethernet eth6 duplex auto
set interfaces ethernet eth6 speed auto
set interfaces ethernet eth7 address 2.2.2.2/24
set interfaces ethernet eth7 description 'WAN 2'
set interfaces ethernet eth7 duplex auto
set interfaces ethernet eth7 speed auto
set interfaces loopback lo
set load-balance group G interface eth6
set load-balance group G interface eth7 failover-only
set load-balance group G lb-local enable
set protocols static route 0.0.0.0/0 next-hop 1.1.1.1
set protocols static route 0.0.0.0/0 next-hop 2.2.2.1
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service ssh port 22
set service ssh protocol-version v2
set system conntrack expect-table-size 4096
set system conntrack hash-size 4096
set system conntrack table-size 32768
set system conntrack tcp half-open-connections 512
set system conntrack tcp loose enable
set system conntrack tcp max-retrans 3
set system host-name ubnt
set system name-server 8.8.8.8
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone UTC
Thanks for your help!
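The symptom in the post (a query leaving eth6 with eth7's address and vice versa) is easy to miss when reading captures by hand. As an added example that is not part of the original post and not Ubiquiti code, the script below takes the tcpdump summary lines quoted above, keyed by the interface each capture was taken on, and flags every packet whose source address is not the address configured on that egress interface. The interface-to-address mapping is taken from the posted config; the capture lines are the ones shown in the post.

```python
import ipaddress
import re

# Interface addresses as configured in the posted EdgeOS config.
IFACE_ADDR = {
    "eth6": ipaddress.ip_interface("1.1.1.2/24"),
    "eth7": ipaddress.ip_interface("2.2.2.2/24"),
}

# tcpdump summary lines copied from the post, keyed by the interface
# they were captured on (eth6 = primary WAN, eth7 = failover WAN).
CAPTURES = {
    "eth6": [
        "IP 2.2.2.2.46049 > 8.8.8.8.53: 6213+ A? google.it. (27)",
        "IP 2.2.2.2.48326 > 8.8.8.8.53: 51778+ A? ping.ubnt.com. (31)",
    ],
    "eth7": [
        "IP 1.1.1.2.35327 > 8.8.8.8.53: 15853+ A? ping.ubnt.com. (31)",
        "IP 1.1.1.2.50428 > 8.8.8.8.53: 32648+ A? google.it. (27)",
    ],
}

# Matches the default tcpdump IPv4 summary format: "IP src.sport > dst.dport: info".
LINE_RE = re.compile(
    r"^IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$"
)


def parse_line(line):
    """Parse one tcpdump summary line into its addressing fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m.group(1)),
        "sport": int(m.group(2)),
        "dst": ipaddress.ip_address(m.group(3)),
        "dport": int(m.group(4)),
        "info": m.group(5),
    }


def owner_of(addr, iface_addr):
    """Return the interface that owns addr, or None if no interface does."""
    for iface, cfg in iface_addr.items():
        if cfg.ip == addr:
            return iface
    return None


def find_mismatches(captures, iface_addr):
    """Return (egress_iface, src_ip, owning_iface, info) for every packet
    that left an interface with a source address belonging to another one.
    Such packets are the asymmetric flows: the reply will come back on the
    owning interface, not the one the query left on."""
    mismatches = []
    for iface, lines in captures.items():
        own_ip = iface_addr[iface].ip
        for line in lines:
            pkt = parse_line(line)
            if pkt is None:
                continue  # not a summary line we understand; skip it
            if pkt["src"] != own_ip:
                mismatches.append(
                    (iface, str(pkt["src"]), owner_of(pkt["src"], iface_addr), pkt["info"])
                )
    return mismatches


def summarize(captures, iface_addr):
    """Count mismatched packets per egress interface."""
    counts = {iface: 0 for iface in captures}
    for iface, _src, _owner, _info in find_mismatches(captures, iface_addr):
        counts[iface] += 1
    return counts


if __name__ == "__main__":
    for egress, src, owner, info in find_mismatches(CAPTURES, IFACE_ADDR):
        print(f"{egress}: source {src} belongs to {owner}: {info}")
    print(summarize(CAPTURES, IFACE_ADDR))
```

To use it on a live router, capture on each WAN interface separately (for example `sudo tcpdump -ni eth6 port 53` and the same on eth7), paste the summary lines into the matching list, and run the script; any non-empty result is a flow that will return on the wrong interface.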