Dual WAN - LoadBalancing – Only one WAN is being utilized?
-
If the ISP allows you to ping its servers then it is better than pinging the modem (the modem might be up and pinging but have no connectivity - I use the modem as monitor because my ISP sometimes blocks pings).
So find 2 servers (DNS servers, web servers, anything on the ISP's network) that you can ping reliably and use one for each WAN interface. nmap is good for this kind of thing.
-
@sai:
If the ISP allows you to ping its servers then it is better than pinging the modem (the modem might be up and pinging but have no connectivity - I use the modem as monitor because my ISP sometimes blocks pings).
So find 2 servers (DNS servers, web servers, anything on the ISP's network) that you can ping reliably and use one for each WAN interface. nmap is good for this kind of thing.
I've used such monitors, and they are pingable, directly on the ISP's network,.. but only one WAN connection works. No Load balancing.
I just don't get it –-
What are the bare essentials to getting a Dual Wan setup with Load-Balancing to work. (Don't even care about Fail-Over).
Are there particular rules, or some general setup steps I likely need to re-adjust?
Again, both IP's are being recognized as (DHCP) on the console.
The only way to get WAN2 to ping out from the Diagnostic utility is to make it static.
Can I look at "states" and tell what my problem is?
-
screenshots of your setup would help.
-
@sai:
screenshots of your setup would help.
Ok thought there might be a method to output the general state of things all nice and neat. But I'll get to work on screenshotting everything, and then converting to a JPG, and hosting.
-
**Edit: Removed most of the images as they are not what is currently configured, and are no longer needed.**
~~Ok – Here are all the screenshots I thought would be even remotely pertinent. Anything you do not see here, assume it is left at 'default' out of the box. This should tell you everything you ever wanted to know about my setup -- I'm baffled.
It is in no particular order:~~
Thanks!
P.S – If some of the pictures don't show, try reloading the page,.. They are all there.
-
Ok – Here are all the screenshots I thought would be even remotely pertinent. Anything you do not see here, assume it is left at 'default' out of the box.
This should tell you everything you ever wanted to know about my setup -- I'm baffled.
It is in no particular order:
--snip--
I know it's a lot, but I tried to cover everything,.. If you can help me out please do.
Thanks!
P.S – If some of the pictures don't show, try reloading the page,.. They are all there.
you need to change the gateway on your LAN rule to LB-WAN-WAN2
to make your load balancing work
-
Well before looking back at this topic for responses I just went into every conceivable option in PFsense and configured it all from scratch.
I have Load Balancing working.. Yay! – I'm not certain what exactly I did that caused it to work, because I did dozens upon dozens of changes.
Though in response to the last suggestion,.. I did just that.
First I created an Alias called "Modems"
In which had two Host IP's attached: (The IP of WAN1 Cable Modem, and IP of WAN2 Cable Modem)
Though an alias alone is like a stored variable, does nothing.
So I went into Firewall rules, and Under the LAN tab created a rule.. Here is where that Alias came in handy.
Action was set to PASS
Interface, obviously LAN
Protocol: ANY
Source: LAN Subnet
Destination was inverted and selected type to : Single host or alias (So I could point the LAN to the two IP's)
Address: Modems (Remember the Alias I created with both Public IPs)
Gateway: Set to the LB-WAN-WAN2
This is probably the most important change. But I can't say for sure if this did it.
I also created rules under LAN for WAN1 and WAN2 -- Basically LAN to WAN1's Gateway, and LAN to WAN2's Gateway.
Haven't checked failover yet,.. but will after this post.
Now on to smaller problems.
Port Forwarding.. Sheesh. lol.
I go into Firewall: NAT: Port Forward
And create a new NAT for Utorrent. I have Utorrent set to statically use port: 50498
So I created two NAT Port Forwards, something like this:
WAN - TCP/UDP - 50498 - 192.168.1.1 (68.113.90.164) - 50498
WAN2 - TCP/UDP - 50498 - 192.168.1.1 (24.178.189.108) - 50498
The port is still not forwarded in Utorrent. So my config isn't right of course, but I think this is an issue that can be easily dealt with from you guys.
Basically, forwarding in Firewall: NAT: Port Forward is the way to go right?
From there I create rules.
Say I am creating a Rule:
Interface (I select WAN) (correct?)
External Address: I leave it at "Interface address"
Protocol: I select TCP/UDP (Give them both an opening)
External port Range: From: Other -- 50498 To: Other: (Left empty)
NAT IP: 192.168.1.1 -- (I really have no idea if this is correct.. It wants the IP addy of the "server" on which I want the ports mapped.. I could only come up with my General Gateway for my LAN.) This right?
Local port: Other: 50498
Saved.
I created the exact same rule again, only using WAN2.
Do I need to create a LAN rule?
What have I screwed up in that port forward that is causing it not to open up 50498 on my LAN? I want that port to be opened to all computers on the LAN. I will configure Utorrent to use that port on them all. Given they are Dynamically addressed (Preferred to me) - I don't wish to setup each computer statically.
Are there any other areas I need to be changing for the port to open up?
This should be pretty basic,.. Port forward question. I appreciate any answers.
(Also, is there any command I can execute to give you guys a verbose output of my configuration?) -- So I don't have to spend 30mins taking screenshots and cropping them then uploading? Something where you can scan and check this and that. A sort of diagnostic system check/function log dump command I suppose.
So I could say, ok I'm having this problem,.. Here is my config -- (Copy/Paste) the configuration info.. Or attach it if its extremely large, etc.
Thanks again.. About to test failover, and will report back.
PS: The Diagnostic Utility still won't function on Ping when WAN2 interface is selected. (It does say "Multi-Wan is not supported from this utility") -- But a few people told me to run the ping/traces from there to test Multi-Wan function. Seems sort of contradictory.
I've found that I can just go to www.whatismyip.com and now that load balancing is on it will switch out on an every-other basis. Round Robin I suppose. (Between WAN1 and WAN2)
Hooray for Load balancing. I was beginning to think that with my Dual Cable Modem setup, from the same ISP, that it somehow just wouldn't work with Pfsense. I'm glad I proved that wrong.
Again, thanks, and I anticipate your replies on the forwarding.
-
WAN - TCP/UDP - 50498 - 192.168.1.1 (68.113.90.164) - 50498
WAN2 - TCP/UDP - 50498 - 192.168.1.1 (24.178.189.108) - 50498
you need to replace 192.168.1.1 with the IP address of the PC on your LAN where the ports are to be forwarded to
also make sure the auto firewall checkbox is checked with those 2 rules
-
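The mistake corrected above (NAT IP set to the firewall's own LAN address) and the wish to open one port to every LAN host can both be caught by a small check over the rule list. This is an added example, not part of the original thread and not pfSense code; the rule fields, the `STATIC_DHCP` set and the 192.168.1.50/.51 addresses are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed values modelled on the thread; all names here are hypothetical.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.1.1")
STATIC_DHCP = {"192.168.1.50"}  # assumed: hosts with a fixed DHCP mapping

def lint_port_forwards(rules):
    """Return (rule_index, problem) pairs for port forwards that cannot work
    as intended or that expose a host whose address may change."""
    findings = []
    seen = defaultdict(list)  # (interface, proto, ext_port) -> rule indexes
    for i, r in enumerate(rules):
        target = ipaddress.ip_address(r["target"])
        if target == FIREWALL_LAN_IP:
            findings.append((i, "target is the firewall's own LAN address"))
        elif target not in LAN_NET:
            findings.append((i, "target is outside the LAN subnet"))
        elif r["target"] not in STATIC_DHCP:
            findings.append((i, "target has no static DHCP mapping"))
        for proto in r["proto"].split("/"):
            seen[(r["iface"], proto, r["port"])].append(i)
    # One external port on one interface can reach only one internal host.
    for (iface, proto, port), idxs in seen.items():
        for i in idxs[1:]:
            findings.append(
                (i, f"{iface} {proto} {port} already forwarded by rule {idxs[0]}"))
    return findings

def rule(iface, proto, port, target):
    return {"iface": iface, "proto": proto, "port": port, "target": target}

# The pair as first posted (NAT IP set to the LAN gateway address) ...
AS_POSTED = [rule("WAN", "TCP/UDP", 50498, "192.168.1.1"),
             rule("WAN2", "TCP/UDP", 50498, "192.168.1.1")]
# ... the pair after pointing it at one LAN host (address is a placeholder) ...
CORRECTED = [rule(r["iface"], r["proto"], r["port"], "192.168.1.50")
             for r in AS_POSTED]
# ... and an attempt to open the same port to a second, dynamic host.
SECOND_HOST = CORRECTED + [rule("WAN", "TCP", 50498, "192.168.1.51")]

if __name__ == "__main__":
    for name in ("AS_POSTED", "CORRECTED", "SECOND_HOST"):
        print(name, lint_port_forwards(globals()[name]))
```

-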
Thank you –
I was initially trying to avoid putting in a Dynamic IP in a NAT rule,.. but these MAC addy's request the same ip's,.. so it is no big deal.
That worked, thank you.
As for the 'check box' -- I did not see one,.. I created rules manually where they needed to be.
I have two 10Mbps/1Mbps connections -- And downloading several Linux Distro's and 2 seasons of House,.. I am getting what I hoped for.. 1500-2100KB/s down total,.. and 175-250KB/s upload.. So the Dual WAN Load balancing is working even with the crazy environment of Bit Torrent. (I know it was recommended to use one WAN for Torrents.. but I wanted to try initially anyway) --
Also, I've limited my Upload to 175KB/s and Download to 1.5 Meg/s and with the balancing web browsing and other functions are running as fast as if No other processes/downloads/uploads were even occurring.
Very pleased.
Oh, and forgot to add -- Failover works.
It doesn't automatically resume a connection already initiated, but the next one fails over.
IE: If I went to a command prompt and put in Ping X.X.X.X -t
And let it go, its pinging fine.. no loss.
I unplug the Cable modem that has been assigned via Load Balancing (Showing activity) for that particular connection. It will then show time-outs... and continue to do so. However, if I stop it, and re-issue the command with that modem unplugged it will resume on the other modem.
Can't ask for much more than that.
I have a lot to learn with this software, but I'm glad I've gotten 90% of the functionality I intended on working so far.
Next is security.
I have 4 NICS -- Only utilizing 3 of them. 2 WAN's, one LAN.
Given I have an extra one already installed,.. is there any benefit of using it, perhaps to segment LAN from WAN.. more security? Anything beneficial? Or am I pretty much where I need to be.
Lastly,.. now SNMP and other such protocols can be monitored, whereas with the Linksys SOHO routers I was using didn't support it.
Any good traffic monitoring software you guys recommend? (Even stuff that needs to be purchased).
I'd like to be able to monitor the packets/traffic from each individual computer, and not just the ENTIRE bandwidth of the LAN. I know its possible,.. Some ideas would be great.
Thanks,
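-
A simplified model of the failover behaviour reported in the post above: a running ping keeps timing out after its modem is unplugged, while a re-issued ping goes out the other WAN. This is an added example, not pfSense code and not part of the original thread; `BalancedPool` and the flow names are hypothetical, and the model assumes each connection stays bound to the gateway chosen when it was first seen.

```python
class BalancedPool:
    """Round-robin gateway pool with per-connection state (simplified model)."""

    def __init__(self, gateways):
        self.gateways = list(gateways)
        self.up = {g: True for g in self.gateways}  # result of each monitor ping
        self.states = {}   # flow id -> gateway chosen when the flow was created
        self._next = 0     # round-robin cursor

    def set_link(self, gateway, is_up):
        self.up[gateway] = is_up

    def _pick(self):
        # Walk the pool once, skipping gateways whose monitor is down.
        for _ in range(len(self.gateways)):
            g = self.gateways[self._next % len(self.gateways)]
            self._next += 1
            if self.up[g]:
                return g
        return None

    def send(self, flow):
        """Return (gateway, delivered) for one packet of `flow`."""
        if flow not in self.states:
            g = self._pick()
            if g is None:
                return (None, False)
            self.states[flow] = g      # only new flows get a fresh choice
        g = self.states[flow]
        return (g, self.up[g])         # an existing flow never moves

def replay_thread_test():
    """Replay the ping test from the post with constructed flow names."""
    pool = BalancedPool(["WAN", "WAN2"])
    log = [pool.send("ping-1")]        # first ping is assigned WAN
    pool.set_link("WAN", False)        # unplug that modem
    log.append(pool.send("ping-1"))    # same flow: still bound to WAN, times out
    log.append(pool.send("ping-2"))    # re-issued ping: new flow, goes out WAN2
    return log

if __name__ == "__main__":
    print(replay_thread_test())
```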
-
you have 2 times the same ISP??? not 2 different ISPs????
failover and balancing works only with 2 different networks
-
Just wanted to point out for anyone who might search in the future about Two connections running off the Same ISP network, Yet, have two separate modems –-
That, YES, it does work, in every conceivable way.
Failover and Balancing works within the same ISP. How do you think the Cable company is managing their own data traffic? They are using the same methods failovers and load balancing among their OC-X lines, and even lines in the CMTS area.
Don't mistake this with someone who has a SINGLE cable modem -- And wants dual wan connectivity. You must have TWO separate Public IP's, and furthermore devices/modems that are provisioned at X speed.
IE: Two cable modems provisioned at 3Mbs/256Kbps --
Or A cable modem provisioned at 5Mbps/512Kbps and a DSL modem at 3Mbps/384Kbps -- And on and on.
As long as you get two separate Public IP's from the ISP, that are each capable of independently pulling their own bandwidth it will work.
I know it isn't typical to have Two Cable modems, off the same ISP,.. But for the price it is by far the cheapest manner to obtain a 2 MegaByte per second connection (Overall) (20Mbps). Basically 20Mbps for 80$.
Without getting off topic too bad, of course there are reliability problems with residential lines, and running off the same infrastructure if one drops so will the other modem,.. But again, for the money it isn't a bad deal (If you utilize that kind of bandwidth).
Of course a DSL connection and cable connection would be much more reliable with Failover, as it isn't likely both would be out of service at the identical times, so you'd pretty much have a 100% uptime.
I am relatively new to this software,. but with this Router I've built, I would feel somewhat confident in using the load balancing/failovers in a small business,.. It seems that stable. And will only become more stable as time progresses. I am very impressed with the software, and how new it is vs stability.
Just to reiterate: A Cable Modem and another Cable Modem from the Same ISP will work with Pfsense at full capacity on Load-Balancing and Failover.
I would imagine a DSL modem, and an additional DSL modem from the Same ISP will work just as well. (Of course speeds varying on provisioning levels/line quality).