• Allow default gateway switching - dual WAN

    Locked
    4
    0 Votes
    4 Posts
    9k Views
    S
    Create a gateway group under "System->Routing->Groups". When you create it, choose the priority "tiers" of your gateways for switching and the trigger level "member down". Make the firewall rule: action: pass; interface: lan; protocol: tcp/udp; source: lan subnet; destination: lan subnet (AND CHECK "NOT"!!!); destination port range: any; Gateway: "name of your gateway group"
  • SQUID + Filter + HAVP + LoadBalancing + FailOver

    Locked
    13
    0 Votes
    13 Posts
    7k Views
    H
    Hey onkeldav83, I fixed it by following this thread: http://forum.pfsense.org/index.php/topic,31869.msg201968.html. Now it's working, but it's in the 'transparent mode'; it's very slow on my VM. I'll use it like "squid as parent" for some special cases such as terminalserver. Thx for help
  • Squid with dual-WAN loadbalancing - anyone figured it out?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    J
    We have a multi-WAN setup and Squid load-balancing works (inbound). We use transparent mode for Squid, so by default it just uses the default gateway for inbound traffic (leaving the other two gateways unused). So, we set up a floating firewall rule to "loop" the interface traffic to that default WAN gateway then thru to the gateway group. Then, we added "tcp_outgoing_address 127.0.0.1" to Custom Options of Squid to complete the setup. Sample: we have OPT1, OPT2 (as default GW), OPT3 interfaces in a gateway group (GG1). Our firewall rule looks like this: Proto: TCP; Source: OPT2 address; Port: *; Destination: *; Port: 80 (HTTP); Gateway: GG1. Don't forget to tick "Apply the action immediately on match" for the floating rule. ;)
  • Unable to route traffic between bridged interfaces

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    R
    I found this walkthrough too… http://blog.qcsitter.com/BSDay/index.php?/archives/2-Bridging-the-pfSense-2.x-wireless-divide.html
  • Openvpn with multi-lan

    Locked
    12
    0 Votes
    12 Posts
    7k Views
    jimp
    For lack of a clearer way to convey it: [image: 19397974.jpg] It's not a bug, it's just how the network functions in the OS. When the traffic tries to leave, it follows the routing table to pick the interface the traffic will leave from. If there is no static route for the other IP, it goes out the default gateway. pf is not yet involved. As the traffic tries to leave via the default gateway, pf can catch it, and using floating rules, it can redirect that traffic to use a different gateway. There is no magic "go this way" direction to give a packet before it consults the routing table. Even if a service is bound to an IP on a different interface/WAN, that doesn't mean it will leave that way. If a service is bound to 'any' then for TCP it will reply from the address that the client connected to. If it's UDP, it will usually reply from the "closest" interface, which in most cases is the default route. So unless you have default route switching enabled (which is still buggy, but mostly works, there is an open ticket, notably it has issues with ppp links), if your default route WAN is down, it will still attempt to send firewall-initiated traffic that way, or if there is no default, the OS behaves badly. Most of that is FreeBSD's fault, though we have tried to work around it over the years. The NAT is required because, in the case of things like UDP or a TCP connection initiated from that interface, in order for pf to shove it out the other WAN, it needs to have the IP of that WAN applied as it leaves that way. You can't send traffic out WAN2 with WAN1's IP, and it wouldn't come back anyhow because (a) the ISP on WAN2 would probably drop it and (b) WAN1 is down so it can't receive the traffic.
  • Use Virtual IP for Outbound

    Locked
    6
    0 Votes
    6 Posts
    14k Views
    dotdash
    The Multi-WAN doesn't make a difference, there are rules for each of your WANs. You just have to make sure the more specific rule comes before the default rule on each WAN. The SQUID may be a problem, I don't run it. If you can, try getting everything running without the SQUID. If it works as expected you can put SQUID back into the mix and see what happens.
  • Failover working…except port 80?

    Locked
    3
    0 Votes
    3 Posts
    947 Views
    J
    I actually figured out it was a problem with NAT. Thanks
  • Default route switching does not seem to work

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C
    It doesn't work on PPP*, known issue with a ticket open and one of the reasons it's off by default.
  • Block private networks (RFC 1918) option && routing question

    Locked
    2
    0 Votes
    2 Posts
    8k Views
    C
    Firewall rules are strictly for ingress traffic on that interface. If you want to block private networks from leaving your network, you have to add such a rule on LAN. Yes your ISP definitely should not have their management interfaces of anything open to customers, but whether I'd contact them about that…maybe not. I've heard of that ending badly in too many cases ("you're hacking our network!"). Depends, if I knew the provider and had a relationship with them, I would let them know.
  • 2 Networks to 1 WAN

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    G
    Should be fine, keep me posted!!
  • Multi-WAN Issue with one Link always

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    C
    The gateways are constantly checked whether online or not, and are brought back online as soon as they're up and functioning again.
  • Is it possible to virtualize Multi ISP ?

    Locked
    1
    0 Votes
    1 Posts
    987 Views
    No one has replied
  • Routing Problem

    Locked
    1
    0 Votes
    1 Posts
    922 Views
    No one has replied
  • Newbie looking for some help

    Locked
    6
    0 Votes
    6 Posts
    1k Views
    C
    No, when you're bridging, the firewall is transparent. You use the upstream gateway. Details in http://pfsense.org/book
  • Routing appears broken

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    P
    Good plan. Configured using ip sla and track on the Cisco. Thanks for the help :)
  • 3 wan load balanced FTP in PASV mode will lost connections

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimp
    Probably not a bug, just a quirk of how your clients are going out. The control connection goes out one WAN, the data connection gets round-robin'd out another. You may want to direct FTP into a failover group instead of a load balancing group.
  • OpenOSPFd never comes back after connection failure

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    A
    Fixed. http://forum.pfsense.org/index.php/topic,48406.0.html
  • Second WAN packetloss

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 2 WAN AND 1 LAN WITHOUT BALANCING

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    D
    @heper: using a proxy would work to block certain sites (see squidguard). But as you noted: running all through the proxy would render the firewall rules useless to divide the traffic over the WANs (for http/https traffic at least; other protocols would still work). Thanks. But I need the 2 groups for all protocols including http/https. Thanks again.
  • 2 gateways on one interface

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E
    Thanks for your response. There seems to be something interfering with VLANs on my network. I decided that I am going to upgrade one of my network cards to an Intel quad card; they are on the market for 40-80 euro. Perhaps change the System: Gateways page to reflect this when attempting to add two gateways to the same interface. Thanks for the support
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.