Where/How to post Procedure for setting up Dual Wan for current Snapshot?
-
Another nice addition would be to automatically update the monitor IPs for dynamic connections.
Hoba, hopefully I can figure out how to get the information from the modem/routers without resorting to "device specific code". Since my ISP does "dual wan outgoing load balance" on my connection, that is 2 gateways, this update is essential to check for a real failover condition.
This might be seem a bit overkill, but I can easily see situations where multiple ISPs fail, because they share some common infrastructure,
My understanding of how the pools work is that if there are 3 items in a Balancing pool, that pool will be balanced amongst the active items and if there are 3 items in a Failover pool, that pool will failover to the next item in the active list. Will this not take care of the situation you mentioned?
for example if you have 2 ADSL connections and 1 cable connection, the 2 ADSL could easily go down at the same time.
We are in agreement. This setup, exactly, is being tested and it will be documented once real results are achieved.
-
My understanding of how the pools work is that if there are 3 items in a Balancing pool, that poll will be balanced amongst the active items and if there are 3 items in a Failover pool, that poll will failover to the next item in the active list. Will this not take care of the situation you mentioned?
Note quite sure I follow this, but leave it for now - its late and I'm still learning.
We are in agreement. This setup, exactly, is being tested and it will be documented once real results are achieved.
Excellent !!
I've got failover working now and have tested and all looks to work fine.
Just 1 question in the meantime I hope has a simple answer :)
What gateway do I choose if I want traffic (from LAN) to favour a particular WAN link, but be able to fail over to the other?
(I understand that choosing the balanced pool can use any WAN as it sees fit,
and that using a specific gateway (for example 192.168.0.1) will force traffic to that WAN connection - which will mean nothing happens if that link fails
If I use a failover gateway, will that favour the first WAN connection mentioned, but then use the other(s) in order when the first fails?) -
Yes, just build a failoverpool for that. It will always use the first available gateway in the list and only failover to the next one if the above gateway(s) are down.
-
I've done this diagram which I think explains the various ways in which a load balancing setup with the new failover capability can be used. Is this right?
Its all working like a charm now, and it is not wrongly reporting link down either. ;D
-
Hey Pootle, that's an excellent diagram. Why don't you add it to the DOC example. The only difference is the DOC sets the the WAN1(192.168.0.2) and WAN2(192.168.2.2) and The modem/routers to 192.168.0.254 and 192.168.2.254. If you can make those changes it will be consistent with the rest of the DOC.
-
KK, I'll do it in the morning ;D
-
Why don't you add it to the DOC example.
Like this? http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
btw its from a visio diagram, if anyone wants the visio file, I'm happy to send it…
-
Hi Pootle, :-[ Unfortunately, I was not specific enough.
In the pfSense Box where you have Gateway 192.168.0.1 it should read 192.168.0.254
In the pfSense Box where you have Gateway 192.168.2.1 it should read 192.168.2.254At the edge of the pfSense box where you have 192.168.0.254 it should read 192.168.0.2
At the edge of the pfSense box where you have 192.168.2.254 it should read 192.168.2.2At the entrance to the modem/ routers where you have 192.168.0.2 it should read 192.168.0.254
At the entrance to the modem/ routers where you have 192.168.2.2 it should read 192.168.2.254To insert the image "in-line" where you thought it would be most helpful you click the image ikon in the menu. It will put code in that looks like this [[Image:Example.jpg]].
You then preview the document. Go to the link where you place the example.jpg. You will not see the image. Click the link. It will take you to a page where you can download the image. Name the image something sensible. Once you save the image it appears where you want it.To deteremine the location, ask yourself where the image would be most helpful to you in building the pfsense box if you were doing it for the first time.
Thanks very much for contibuting. :D
-
Ah! I see. That explains why I got confused reading the guide :D
I've uploaded a new version, can you check it's now got the right addresses? If OK, then I'll look at editing the page.
-
It is perfect! ;D It will be interesting to see how you position it. It is good to get new views. This always improves the documentation.
-
I also contributed to the documentation. Added the FTP workaround for multiwan and a little cosmetics :)
'''''FTP WORKAROUND'''''
If you want to connect to a FTP server you need to add this workaround to your LAN tab.
Proto Source Port Destination Port Gateway
TCP LAN net * 127.0.0.1 1 - 65535 *Now the packets are forwarded correctly and you can connect to an FTP server.
'''''pORT FORWARDING'''''
-
Hey Pootle, you positioning was great. The image was just put in line. It is a little tricky to do it but it worth it to show your image! The image will make it easier for the next person. ;D
Hi Lampie, thanks for you additon. :) I know it is hard to add stuff to the DOCO and make it look good! Unfortunately, I did not get a chance to fully test FTP. My outgoing FTP(passive) has worked with the default rules. Is the workaround is for Inbound or oubound FTP? Why is that rule superior to the default LAN -> Wan1 rule in the Firewalls:Rules image?
-
OK, that's good. I wasn't sure if it was better to link to the picture or put it in line, but you're right, it works well in line.
Just thinking of doing a short note on running in a VM….
-
Hey Pootle, you positioning was great. The image was just put in line. It is a little tricky to do it but it worth it to show your image! The image will make it easier for the next person. ;D
Hi Lampie, thanks for you additon. :) I know it is hard to add stuff to the DOCO and make it look good! Unfortunately, I did not get a chance to fully test FTP. My outgoing FTP(passive) has worked with the default rules. Is the workaround is for Inbound or oubound FTP? Why is that rule superior to the default LAN -> Wan1 rule in the Firewalls:Rules image?
For active FTP connections (not passive) i needed this rule to make it work. Inbound i still have to test, but that is working out of the box i guess. Without this rule i simply cant make any connection (active) to a FTP server.
What i also noticed is that rebooting the system makes after you add these LAN rules is the best option. I had some problems with not correctly forwarding ports to a designated IP adress. After a reboot this worked fine.
-
Thanks Lampie, I have also noticed that a reboot after filter changes appears to always make things work that may not have worked before. I will check out your comments later this week.
-
Update to the latest snapshot. There are bits in place to make sure check_reload_status is always running now.
-
Dunno if you spotted it yet Vescovo, but I've amended the document page on multi wan to put in proper wikiheaders so you get a content list at the front - makes it easier to find the bit you want….
-
No I did not. :-[ Let me try it. The change page did not point it out to me. Sounds great. :)
I like it. Many, many thanks. ;D Your doco on the Vitual Machine vesion of pfSense is very good. -
Hey Pootle, that's an excellent diagram. Why don't you add it to the DOC example. The only difference is the DOC sets the the WAN1(192.168.0.2) and WAN2(192.168.2.2) and The modem/routers to 192.168.0.254 and 192.168.2.254. If you can make those changes it will be consistent with the rest of the DOC.
Hey all,
I apologize for diggin up ole posts, but I got a slightly 'on topic' query that needs attention:
Looking through the doc.pfsense.org wiki page for LoadBalancing, the modem/routers are stated to have none-routable IPs on them as stated above by Vescovo. What if they were on bridge mode with Static IPs on? Would setting up the Pfsense WAN ports to the designated Static IPs work as good as it is set on the Wiki? (Thus eliminating the need for three consecutive local net to only your LAN Network…)
I have a setup based on the wiki's Howto following word by word but substituting the Static IP Addresses instead and I get online connectivity just fine, but for some reason my portforwards are not working and I suspect that it has something to do with the bridge mode of the ADSL modems.
Please advice. Thanks a bunch.
-
It should work as you say, and as long as your WAN / WAN2 subnets and addresses are set up OK, it should all work OK.
I did try setting my linksys am200 into bridge mode but could not even persuade it to connect, so I gave up and let it NAT
Sounds like you have outgoing access working, but are just having trouble with incoming port forwarding. I use port forwarding in my config OK, but haven't used it with modems in bridge mode.