Dual WAN + LoadBalancing + Fail over + Multiply Public IPs
-
Cool. Is it a firmware update or do I have to install that different? I was trying the firmware upload but it was saying:
The digital signature on this image is invalid.
This means that the image you uploaded is not an official/supported image and may lead to unexpected behavior or security compromises. Only install images that come from sources that you trust, and make sure that the image has not been tampered with.Do you want to install this image anyway (on your own risk)?
-
These images are not signed. just confirm that you want to apply the update. In case you have already pools set up edit them after applying the update, delete all poolmembers and readd them with the new logic.
-
Hi Hoba,
Do we still have to edit the pools? -
Only when going from a config that was generated with the old logic (manually entering gateway IPs) to the new snapshots with the different logic (referencing interface names).
-
A just had a thought. When setting up Dual WAN, don't you need to put both DNS IPs in to pfSense? If so, how and where? Also, is it possible to do a transparent proxy system with load balancing?
-
Transparent proxy won't work currently with loadbalancing, at least when using the squid package on pfSense itself. Only connections through the pfSense can be balanced. We are working on making the DNS setup easier currently but for the meanwhile you need the procedure with static routes that can be found numerous times here in the forum.
-
What if I am not using pfSense Squid pack? I have a Squid and Privoxy proxy server that is independent, but I would like to make it so they can't get around it. If they can bypass our proxy, they will do it and it means big trouble for us.
-
You can transparently redirect traffic back to your proxy and only allow the proxy to leave to the internet on port 80. These connections then can of course be balnced. This limitation only affects services that are run directly at the pfsense itself.
-
I am having trouble getting everything working now. My fiber line just got down so I am doing some testing. One NIC is plugged int the fiber gateway and the other is in my router for the other line (can't take the internet down). So I followed the load balancing in the documents but it doesn't seem to work right. it says both are down. The only changes are some of the names that were used. I can't figure out why it isn't working like it should.
I have cable with DHCP and a fiber line with Static. Both with different DNS servers. I will try and get some screen shots posted, but the screen shots in that document are almost the same as mine.
-
Make sure you do not use the same monitoring IP at both interfaces. monitoring IPs have to be unique.
-
They are different. One is looking at a router at 10.10.10.1 and the other is looking at the gateway at 64.20.192.185. So they are different. Also found out that my new line has some problems so it is down right now. Will adding DNS servers to the XML config and then uploading really work? And here is a screen shot of my static routes for the DNS, was wondering if I did it right as well as my rules. Getting alerts that something is wrong with one of them, the one that says LAN > WAN + WAN2. It is set up like the help doc for load balancing with fail over.
http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
-
The screenshots look valid to me. Make sure your monitor IPs are pingable and mapped to the correct interface. What exactly is the error message that you get? You can copy paste it from status>systemlogs.
-
It is a filter load rule error. I didn't see it in the log. It comes up in the alert window and it says the rule with description "LAN > WAN + WAN2" can't load. This rule is the second one in the list (the one with the bad circle around it). I also have one of my internet's hooked up to the system to get it going but the load balancer shows it off line and I am not sure why. I know the monitor IP is pingable and they are mapped right. My other concern is the DNS, did I set it up right? I also have one DNS from the 2 in the General Settings and the others are in th Static Routes.
-
Here is the error I get:
Acknowledge All .:. 03-01-07 09:32:43 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:138: syntax errorpfctl: Syntax error in config file: pf rules not loaded The line in question reads [138]: pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } round-robin from 192.168.1.0/24 to keep state label USER_RULE: LAN > WAN + WAN 2 .:.
-
Try to convert this rule to 2 rules. 1 that blocks access to the alias through default gateway and another one that passes traffic to any through the pool. That's the same like the one rule with the NOT option.
Does that solve the problem? Looks like there is something wrong with the NOT option to me.
-
What about the DNS? I just want to know if that is OK. Right now both lines are shown as down and one of them is plugged in and running.
Nope, still getting the error message, but it is narrowed down.
Acknowledge All .:. 03-01-07 12:15:32 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:141: syntax errorpfctl: Syntax error in config file: pf rules not loaded The line in question reads [141]: pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } round-robin from 192.168.1.0/24 to any keep state label USER_RULE: LAN > WAN + WAN 2 .:.
Status Proto Source Port Destination Port Gateway Description
pass TCP LAN net * * HTTPsall Wan2FailoverWan1 LAN > WAN2|WAN1 HTTPS
block * LAN net * Internal * * LAN > Default (block)
pass * LAN net * * * LoadBalancer LAN > WAN + WAN 2 -
What version are you running? If this is not the latest snapshot please upgrade. Something is pretty strange with your setup.
-
Updated it this morning before a posted. it is like 2-27-07.
-
Then I'm at a loss. I recommend starting over. There must be something somewhere wrong that we don't find this way. I recommend setting up and testing step by step to see where things break.
-
This was a start over. Followed everything in that wiki for the load balancing. Bet if I followed it again, I will still get the same error and I am nit sure why I am getting the error. Everything looks good.