Netgate Discussion Forum

Dual WAN + Load Balancing + Failover + Multiple Public IPs

Routing and Multi WAN
36 Posts 4 Posters 15.4k Views
KDB9000
last edited Mar 1, 2007, 2:37 PM

Here is the error I get:

03-01-07 09:32:43 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:138: syntax error
pfctl: Syntax error in config file: pf rules not loaded
The line in question reads [138]: pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } round-robin from 192.168.1.0/24 to keep state label USER_RULE: LAN > WAN + WAN 2
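An added example, not code from this thread or from pfSense: a small Python lint for the kind of pf rule line that pfctl rejected above. pf's address pair is "from <src> to <dst>", and the rejected line 138 reads "to keep state", so the option keyword "keep" sits where a destination belongs; the retyped line with "to any" passes this check, which matches the thread, where the remaining error was later traced to the WAN links rather than the rule text. The two rule strings in the block are copied from the thread with the label clause dropped.

```python
import re
from typing import List, Optional, Tuple

# Rule text copied from the thread (label clause dropped): the first rejected
# line 138, and the retyped version from a later post that spells out "to any".
LINE_138 = ("pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } "
            "round-robin from 192.168.1.0/24 to keep state")
LINE_141 = ("pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } "
            "round-robin from 192.168.1.0/24 to any keep state")

# Option keywords pf accepts after the "from ... to ..." address pair. One of
# these directly after "to" means the destination was left out.
OPTION_KEYWORDS = {"keep", "modulate", "synproxy", "label", "flags", "tag",
                   "tagged", "port", "queue", "rtable", "os", "user", "group", "no"}


def parse_route_to_pool(rule: str) -> List[Tuple[str, Optional[str]]]:
    """Return (interface, gateway or None) for each '( if [gw] )' pool entry."""
    m = re.search(r"route-to\s*(\{.*?\}|\(.*?\))", rule)
    if not m:
        return []
    entries = re.findall(r"\(\s*(\S+)\s*(\S+)?\s*\)", m.group(1))
    return [(iface, gw or None) for iface, gw in entries]


def lint_pf_rule(rule: str) -> List[str]:
    """Findings for one pf filter rule line; an empty list means nothing found."""
    findings = []
    tokens = rule.split()
    try:
        from_i = tokens.index("from")
        to_i = tokens.index("to", from_i)
    except ValueError:
        return ["rule has no 'from ... to ...' address pair"]
    # The token after "to" must be a destination, not an option keyword.
    dst = tokens[to_i + 1] if to_i + 1 < len(tokens) else None
    if dst is None or dst in OPTION_KEYWORDS:
        findings.append("'to' has no destination (use 'to any' for all destinations)")
    # A route-to pool must carry at least one "( interface [gateway] )" entry.
    if "route-to" in tokens and not parse_route_to_pool(rule):
        findings.append("route-to has no '( interface [gateway] )' entry")
    return findings


if __name__ == "__main__":
    for name, rule in (("line 138", LINE_138), ("line 141", LINE_141)):
        print(name, lint_pf_rule(rule) or "no findings", parse_route_to_pool(rule))
```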
hoba
last edited Mar 1, 2007, 4:51 PM

Try to convert this rule to 2 rules: 1 that blocks access to the alias through the default gateway and another one that passes traffic to any through the pool. That's the same as the one rule with the NOT option.

Does that solve the problem? Looks like there is something wrong with the NOT option to me.
KDB9000
last edited Mar 1, 2007, 5:28 PM (posted Mar 1, 2007, 5:20 PM)

What about the DNS? I just want to know if that is OK. Right now both lines are shown as down and one of them is plugged in and running.

Nope, still getting the error message, but it is narrowed down.

03-01-07 12:15:32 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:141: syntax error
pfctl: Syntax error in config file: pf rules not loaded
The line in question reads [141]: pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } round-robin from 192.168.1.0/24 to any keep state label USER_RULE: LAN > WAN + WAN 2

Status  Proto  Source   Port  Destination  Port      Gateway           Description
pass    TCP    LAN net  *     *            HTTPsall  Wan2FailoverWan1  LAN > WAN2|WAN1 HTTPS
block   *      LAN net  *     Internal     *         *                 LAN > Default (block)
pass    *      LAN net  *     *            *         LoadBalancer      LAN > WAN + WAN 2
hoba
last edited Mar 1, 2007, 6:55 PM

What version are you running? If this is not the latest snapshot please upgrade. Something is pretty strange with your setup.
KDB9000
last edited Mar 1, 2007, 7:50 PM

Updated it this morning before I posted. It is like 2-27-07.
hoba
last edited Mar 1, 2007, 8:53 PM

Then I'm at a loss. I recommend starting over. There must be something somewhere wrong that we don't find this way. I recommend setting up and testing step by step to see where things break.
KDB9000
last edited Mar 2, 2007, 2:57 AM

This was a start over. Followed everything in that wiki for the load balancing. Bet if I followed it again, I will still get the same error, and I am not sure why I am getting the error. Everything looks good.
KDB9000
last edited Mar 2, 2007, 1:10 PM

Everything is working now. It might have been hitting the error because the internet wasn't working right. I had a subnet problem in WAN, and WAN2 finally got up yesterday. Plugged it all in and load balancing shows both running, and I did a restart and no rule errors came up. Everything seems to be OK. Do you know if I can block the DHCP range from the internet? This is for a school and the students will bypass the proxy if there is a way to, so we block the DHCP range and put a proxy into their computers so it goes to the proxy then out.
KDB9000
last edited Mar 2, 2007, 2:39 PM

I was also wondering about the multiple public IPs and how I set them up. I made virtual IPs for it and set up NAT routing with it. I noticed the NAT 1:1 and looked it up. Do I need to put anything in that? I did to see if it would do anything and now I get errors from it.
KDB9000
last edited Mar 22, 2007, 12:38 PM (posted Mar 21, 2007, 5:03 PM)

Well I have everything working. Just down to one problem, FTP on the load balance. I put the workaround in and it is at the top but it doesn't seem to work. Anyone have any ideas why or what I need to do to get FTP to work on our load balance?

The workaround was:

Proto  Source   Port  Destination  Port     Gateway
TCP    LAN net  *     127.0.0.1    1-65535  *
sullrich
last edited Mar 21, 2007, 6:43 PM

Change the rule to include ports 8000-8020 instead of 65535
hoba
last edited Mar 21, 2007, 8:04 PM

You have only set 65535 and not the whole range 1-65535. There is an even easier rule to accomplish this:
pass, protocol any, source any, destination 127.0.0.1, gateway default.

That should do the trick when it is at the top of your rules at LAN.
KDB9000
last edited Mar 22, 2007, 12:37 PM (posted Mar 22, 2007, 12:24 PM)

I have it going from 1 - 65535 hoba, so that's not the problem. Sorry about that, I spaced it wrong. There is an extra 1 that is for the 1 - 65535 next to the 127.0.0.1. I will try your way and see what I get.
KDB9000
last edited Mar 22, 2007, 1:07 PM

Neither one seems to work. I tried to download a file off an FTP and it just times out. sullrich, I am not sure what you mean by having the rule in ports 8000-8020. If it goes to 65535 then it should already have 8000-8020 included. I tried both ways, here is a screenshot of the 2 rules. One is disabled right now so I could test. Then I remembered that only one WAN is hooked up so I switched from the default to the working WAN (WAN2) and tried it again. And yes, the FTP site I was using to test is working.

BTW hoba, remember when I asked about weighting a load balance system so it goes down one line more than the other? I had a thought and was wondering what your thoughts were on it. We are looking for more of a redundant system for our internet. So couldn't I use a failover? WANfailoverWAN2 would go down the WAN and then use WAN2 when WAN goes down, but will it switch back to WAN when it's up again?

Attachment: FTPworkaround.PNG
KDB9000
last edited Mar 22, 2007, 2:10 PM

Never mind about the FTP, it seems to be working now. I guess it only works with the default.
KDB9000
last edited Mar 29, 2007, 3:04 PM

OK, everything is working... OK, not everything. I am having trouble with one of my internet lines now. It is Comcast and they give out a DHCP address. So I got a Linksys BEFSR41 and I put it between the router and the modem (see picture). I am doing load balancing with Comcast and another ISP, but the Linksys router keeps going down after it runs for like 10 - 20 minutes. Tech support can't help me because of the way it is set up, and the router works fine. I can plug into it and just use that router to go out. I did 539 some odd pings to its DNS server to see if it would handle the pings and it did fine. It is just when it is plugged into the pfSense. I have tried making pfSense the DMZ but that doesn't help. Anyone have any ideas that can help me? pfSense is configured right and all because it worked with a similar setup using a Cisco 806. Just need to find out if it is the Linksys or if maybe I did configure something wrong.

Attachment: layout.PNG
KDB9000
last edited Apr 10, 2007, 1:58 PM

Update on the problem. I found out that I can switch ports and the internet for that ISP will start working for me for a while, after that it fails and I have to switch ports. Anyone have any idea what could be causing this and how to fix it?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.