Same issue as another thread that the OP has marked as solved.
Config created from the load balance template, then created VLANs, and then found internet access broken if both WANs are plugged in. Unplug the ethernet from one WAN and it works fine.
Something to do with modify balance being applied to only a physical interface and not the virtual interface?
/* Vyatta-style router configuration as posted (host-name ubnt).
   Two PPPoE WANs (pppoe0 on eth0, pppoe1 on eth1) form load-balance group G,
   with pppoe1 marked failover-only. The LAN is eth6 (10.128.0.1/24) with
   vif 2 "Corporate" and vif 3 "Guest". The poster redacted credentials. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        /* 10.0.0.1 and 172.16.0.1 are the vif 2 / vif 3 router addresses.
           10.128.0.10 matches the unifi-controller value in the DHCP section;
           eth6's own address 10.128.0.1 is not in this group.
           NOTE(review): confirm that is intended. */
        address-group ROUTER_IP {
            address 10.0.0.1
            address 172.16.0.1
            address 10.128.0.10
        }
        address-group broadband-quality-monitor {
            address 80.249.99.164
            description ""
        }
        /* The three local subnets: Corporate, Guest and the untagged LAN. */
        network-group VLAN_NETS {
            network 10.0.0.0/9
            network 172.16.0.0/16
            network 10.128.0.0/24
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    /* Policy-routing ruleset: rule 1 has no match criteria and hands traffic
       to lb-group G. It is referenced only from eth6 "in" further down. */
    modify balance {
        rule 1 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    /* Applied "in" on vif 2 and vif 3: accept traffic to ROUTER_IP, drop
       traffic to any local subnet, accept everything else (default-action). */
    name VLAN_IN {
        default-action accept
        rule 10 {
            action accept
            destination {
                group {
                    address-group ROUTER_IP
                }
            }
        }
        rule 20 {
            action drop
            destination {
                group {
                    network-group VLAN_NETS
                }
            }
        }
    }
    /* WAN -> internal: only established/related is accepted. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* WAN -> router: default drop; the only unsolicited traffic accepted is
       ICMP type 8 (echo request) from the single monitor address in
       broadband-quality-monitor (rule 21). */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description "allow ping from ThinkBroadband Broadband Quality Monitor"
            icmp {
                type 8
            }
            log disable
            protocol icmp
            source {
                group {
                    address-group broadband-quality-monitor
                }
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): source validation is off globally; confirm this is a
       deliberate choice for the dual-WAN setup. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description "Internet - WAN"
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password /* ... */
            user-id /* ... */
        }
        speed auto
    }
    ethernet eth1 {
        description "Internet - WAN 2"
        duplex auto
        pppoe 1 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password /* ... */
            user-id /* ... */
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        address 10.128.0.1/24
        description Local
        duplex auto
        /* The untagged LAN is the only place "modify balance" is attached.
           It has no "name" ruleset on "in" or "local". */
        firewall {
            in {
                modify balance
            }
        }
        speed auto
        /* Neither vif below references "modify balance"; this is the
           difference the poster suspects is behind the breakage. */
        vif 2 {
            address 10.0.0.1/9
            description Corporate
            firewall {
                in {
                    name VLAN_IN
                }
            }
        }
        /* NOTE(review): Guest has only an "in" ruleset and no "local" one, so
           VLAN_IN presumably does not filter traffic addressed to the router
           itself (GUI on 443, SSH on 22, DNS). Confirm that guest access to
           router services is intended. */
        vif 3 {
            address 172.16.0.1/16
            description Guest
            firewall {
                in {
                    name VLAN_IN
                }
            }
        }
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
load-balance {
    /* pppoe1 is failover-only, so it is a standby member of the group. */
    group G {
        interface pppoe0 {
        }
        interface pppoe1 {
            failover-only
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 10.128.0.0/24 {
                default-router 10.128.0.1
                dns-server 10.128.0.1
                lease 86400
                start 10.128.0.100 {
                    stop 10.128.0.254
                }
                /* Deleted lots of static IP mappings for network infrastructure switches and APs */
                unifi-controller 10.128.0.10
            }
        }
        shared-network-name LAN-Corp {
            authoritative disable
            subnet 10.0.0.0/9 {
                default-router 10.0.0.1
                dns-server 10.0.0.1
                lease 86400
                start 10.10.0.1 {
                    stop 10.10.10.254
                }
                /* Deleted lots of static IP mappings for corporate PCs */
            }
        }
        shared-network-name LAN-Pub {
            authoritative disable
            subnet 172.16.0.0/16 {
                default-router 172.16.0.1
                dns-server 172.16.0.1
                lease 86400
                start 172.16.0.2 {
                    stop 172.16.255.254
                }
            }
        }
    }
    dns {
        /* NOTE(review): eth1 and eth0 are the WAN-side ports carrying the
           PPPoE sessions; confirm the forwarder needs to listen there as well
           as on the LAN and VLAN interfaces. */
        forwarding {
            cache-size 150
            listen-on eth6.2
            listen-on eth6.3
            listen-on eth6
            listen-on eth1
            listen-on eth0
        }
    }
    /* GUI and SSH are not bound to a specific listen address in this
       listing. From the WAN side they fall under WAN_LOCAL's default drop. */
    gui {
        https-port 443
    }
    nat {
        /* One masquerade rule per WAN, so either uplink can be used. */
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface pppoe1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        user administrator {
            authentication {
                /* ... */
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Logging is local only in this listing; no remote syslog host is set. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.0.4853089.160219.1614 */