Need help, 2 WAN, 1 LAN, Load Balancer
-
Apparently, the problem is that pfSense doesn't support full load balancing and DNS failover unless both links are from the same provider. In my case I have 2 links from different providers, one satellite and one ADSL, but the concepts of failover and load balancing are misunderstood:
For me, load balancing with 2 links from two different ISPs would also mean a failover scenario from the connection point of view; it means that if one of the providers is down the traffic goes out to the other one and vice versa. But in the case the power supply or a hard drive crashes, then everything is down. This is what I want to achieve, but when I try to set this up following the wiki tutorial and the support .pdf files, all traffic other than port 80 is blocked silently, without log messages from the firewall (https, ftp, p2p, etc.).
I've checked that the problem arises when I choose the pool from the load balancing feature.
Does anyone know if putting in an internal DNS server would solve this issue?
Thanks for your replies.
-
I think internal DNS would fix the problem, because when the DNS server forwards, it'll just be NAT'd out via pfSense like normal packets are.
I could be wrong; try it. We run an internal DNS server, and it seems to work.
-
I also have dual WAN ADSL, but it is from the same ISP with the same download limit and the same speed, and the DNS also does not fail over: the DNS forwarder fails when WAN drops out and OPT is operational. An internal DNS server is required. I have not yet fully understood how to configure this option using the Dynamic DNS client.
I have looked into a few options, though, and found that http://www.dyndns.com/services/ offer an option that supports "Round Robin" DNS services. I am not sure how this would work, seeing that I have static IP addresses on both connections, and if I am unable to have the DNS fail over from WAN to OPT, then I am not sure that this is going to work either. I may be wrong, as I want this option to work as well for our office setup.
DynDNS do support some DNS for free, but I am not sure if this option for "Round Robin" DNS is free or fee based. I am going to find out if my ISP offers the option for "Round Robin DNS", as it would make more sense to me, as they would be the first hop into the Internet; if they go down then I have no connection anyway.
My ISP had some documentation for manually configuring the resolv.conf file to find their DNS, but that made no difference to finding their DNS when I simulated a failed router on WAN. I have just kept a couple of spare routers on hand, already configured, in case this event happens.
I would like some advice from someone who has already successfully configured an internal DNS "Round Robin" and how to go about configuring it.
BTW, on DynDNS, to find out about the "Round Robin DNS" just do a search on their site for Round Robin, as they don't have it listed for easy selection.
Kindest Regards,
Craig Roy
Horizon IT Consultants.
-
This could be a very dumb suggestion.
Let's say for your WAN link you've got DNS servers 199.199.1.101 and 199.199.1.102.
Let's say for your OPT link you've got DNS servers 200.200.1.101 and 200.200.1.102.
Can you just specify DNS servers in your DHCP server???
Like specify primary DNS to be 199.199.1.101 and secondary to be 200.200.1.102.
==============================
If "DNS failover" doesn't work because pfSense keeps looking at WAN for 200.200.1.102 when WAN goes down:
Will specifying a static route to 200.200.1.102 work?
-
This is now fixed in CVS. If you are running a full version then issue this command from a shell:
cvs_sync.sh releng_1
Next go to System -> Static Routes and create an "Interface Gateway checked" route through the correct WAN interface with the destination being the DNS server/32. Repeat this for any other DNS servers.
This will force traffic for the DNS server out the correct interface and will solve this problem during WAN port down times.
-
Hi Scott,
Just had a look at the static route form and I don't have the option to select the interface as a gateway there. Has this option been included in the latest snapshot? I am using a full Beta2 version less snapshot.
Craig Roy
-
@CraigRoy:
Hi Scott,
Just had a look at the static route form and I don't have the option to select the interface as a gateway there. Has this option been included in the latest snapshot? I am using a full Beta2 version less snapshot.
Craig Roy
This is now fixed in CVS. If you are running a full version then issue this command from a shell:
cvs_sync.sh releng_1
-
Thanks Scott,
I'll give this a go later tonight after work finishes and I have time to play with it a bit.
Thanks for all your help.
Craig Roy
-
I just realized that this was breaking the routing in certain situations, so I have removed it.
The way to force the gateway correctly for DNS is to put in the next hop router to force the traffic out the correct pipe.
Sorry about that!
-
The way to force the gateway correctly for DNS is to put in the next hop router to force the traffic out the correct pipe.
Could you explain in more detail?
What's the "next hop router" in your situation?
e.g. if WAN-1's ISP gateway is 111.111.111.1, will that be your next hop router?
What about WAN #2's gateway? What should we do about it?
Once one has figured out their "next hop router", where should they put the "next hop router" info in pfSense? e.g. on which configuration page, under what options? Thank you.
-
Whatever the gateway of that interface is.
For example if your wan is fxp0 do:
route get default fxp0
Then use the gateway listed as the next hop gateway.
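To show why the per-DNS-server host routes Scott describes above fix the failover (and why merely listing a DNS server from each ISP in DHCP, as suggested earlier in the thread, is not enough on its own), here is an added simulation of the routing decision; it is example code written for this page, not code from the thread or from pfSense. The DNS server addresses are the ones used as examples earlier in the thread; the two next-hop gateway addresses (199.199.1.1 and 200.200.1.1), the interface names and the link-state table are assumptions.

```python
import ipaddress

# Addresses used as examples in the thread: the WAN link's ISP hands out
# 199.199.1.101/.102 and the OPT link's ISP 200.200.1.101/.102.
# The two next-hop gateways are assumptions for this example.
WAN_GW = "199.199.1.1"
OPT_GW = "200.200.1.1"
DNS_WAN = ["199.199.1.101", "199.199.1.102"]
DNS_OPT = ["200.200.1.101", "200.200.1.102"]


class RoutingTable:
    """Tiny longest-prefix-match table holding (network, gateway, interface)."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, gateway, iface):
        self.routes.append((ipaddress.ip_network(prefix), gateway, iface))

    def lookup(self, dst):
        """Return (gateway, interface) of the most specific matching route."""
        dst = ipaddress.ip_address(dst)
        best = None
        for net, gw, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, iface)
        if best is None:
            raise LookupError(f"no route to {dst}")
        return best[1], best[2]


def default_only():
    """Before the fix: a single default route out WAN, so every DNS server,
    including the OPT ISP's, is reached through WAN's gateway."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", WAN_GW, "wan")
    return rt


def with_host_routes():
    """The fix from the thread: a /32 route per DNS server via the next-hop
    gateway of the link that ISP belongs to (entered under System -> Static
    Routes in pfSense; on FreeBSD the equivalent is
    'route add -host <dns-server> <gateway>')."""
    rt = default_only()
    for dns in DNS_WAN:
        rt.add(dns + "/32", WAN_GW, "wan")
    for dns in DNS_OPT:
        rt.add(dns + "/32", OPT_GW, "opt")
    return rt


def pick_dns(rt, servers, links_up):
    """Walk the configured server list in order, as a forwarder or a client
    handed primary/secondary servers by DHCP would, and return the first one
    whose egress link is up. None means every query would time out."""
    for server in servers:
        _, iface = rt.lookup(server)
        if links_up.get(iface, False):
            return server
    return None


if __name__ == "__main__":
    # Primary DNS from ISP 1, secondary from ISP 2, and WAN has just dropped.
    servers = [DNS_WAN[0], DNS_OPT[1]]
    wan_down = {"wan": False, "opt": True}
    print("default route only, WAN down:", pick_dns(default_only(), servers, wan_down))
    print("with /32 host routes, WAN down:", pick_dns(with_host_routes(), servers, wan_down))
```

With only the default route, the secondary server 200.200.1.102 is looked up via WAN's gateway too, so when WAN is down both servers are unreachable and resolution fails even though OPT is fine. Once each DNS server has its own /32 route via its ISP's gateway, the lookup for 200.200.1.102 leaves through OPT and the forwarder falls back to it.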
-
:(
Why is your LAN 168.254.1.0/24 when your NAT is configured for 192.168.1.0/24?
Can somebody explain the reason? Is it right? ::)
-
:(
Why is your LAN 168.254.1.0/24 when your NAT is configured for 192.168.1.0/24?
Can somebody explain the reason? Is it right? ::)
Actually it's a copy/paste error; it should be LAN (source) (169.254.1.0/24).
Sorry about that.
-
I have the ultimate live-cd version (1.0-RC1), but this version doesn't have the new "USE INTERFACE AS GATEWAY" option.
I don't have an HD and need this option to solve the DNS problem and other fixed bugs. What can I do?
Can't a new live-cd be compiled without this bug?
Thanks, friends