4 WAN / 1 LAN
-
Hi to all.
I have 4 (four) Internet connections (four different ISPs). Currently two of them are shared by WinGate, and two are used by specific offices, or used when the two basic connections fail (this has happened, not too often, but it has happened). I would like to connect/control all four connections through a pfSense box for failover and some load balancing.
WAN's:
1. Wireless PPPoE - dynamic public IP
2. Cable DHCP - dynamic public IP
3,4. ADSL routers - local Gateway address
Some explanation in advance: connections 1 and 2 are terminated with standard RJ45, which I plug into the WinGate box.
Connections 3 and 4 are distant from the planned location of the pfSense box, so I must (can?) use them through switches.
Some basic help & advice is needed.
I assembled a pfSense box with 3 NICs (LAN/WAN/OPT1) to replace WinGate, and I am stuck with failover & a strange DNS problem.
- My primary DNS (win2003) is configured to forward DNS to the WinGate box and this works well.
When I replace WinGate with pfSense and use only one WAN, all works well, but when I configure it for dual WAN and unplug WAN (for testing), I can resolve only addresses from the DNS cache.
How must I configure static routes?
When this starts working OK with the two basic connections, I will try to add the ADSL routers.
Long post, simple question :-). I promise that I will make a nice beginner's walkthrough at the end of my pfSense configuration.
Regards
-
The DNS issue has been addressed many times, but anyway…
You should use a DNS server from each provider. Configure a static route to the second provider's DNS server via the OPT1 gateway.
My two cents:
Why do you need to have a forwarder configured on the 2003 server? Seems like it would be easier if it resolved DNS directly.
-
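The static-route advice in the reply above, as an added example that is not part of any post in this thread: a small longest-prefix-match model of the firewall's own routing table. It assumes the box's own DNS queries follow the system routing table and that the default route stays on WAN when WAN is unplugged; all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed addresses from documentation ranges, not values from the thread.
WAN_GW, OPT1_GW = "198.51.100.1", "203.0.113.1"
DNS_ISP1, DNS_ISP2 = "192.0.2.10", "192.0.2.200"


def build_routes(static_dns_route):
    """Routing table as (prefix, gateway, interface) tuples."""
    routes = [("0.0.0.0/0", WAN_GW, "WAN")]  # assumed: default stays on WAN
    if static_dns_route:
        # The advice above: host route to the second ISP's DNS via OPT1.
        routes.append((DNS_ISP2 + "/32", OPT1_GW, "OPT1"))
    return routes


def egress(routes, dst):
    """Longest-prefix match: return the interface used to reach dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), ifc)
               for prefix, _gw, ifc in routes
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def usable_resolvers(routes, links_up):
    """Resolvers the box can still query, given which links are up."""
    return [r for r in (DNS_ISP1, DNS_ISP2) if egress(routes, r) in links_up]


if __name__ == "__main__":
    for static in (False, True):
        routes = build_routes(static)
        print("static DNS route:", static,
              "| WAN unplugged ->", usable_resolvers(routes, {"OPT1"}))
```

-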
There is a walkthrough for setting up simple load balancing here: http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
This should help you with getting DNS working when 1 WAN fails.
There's more info in a new version here, but it is not yet complete.
http://doc.pfsense.org/index.php/MultiWanVersion1.2
-
Tnx, will re-read both walkthroughs.
Primary DNS is on 2003 because of logging & caching… and I am unsure whether there is a speed issue for resolving local computers & where to find names if pfSense does this.
Any comment & advice for remote (through switches) WAN connections?
Regards
-
For now I do not have problems.. tnx for advice.
Now… I am thinking about adding two ADSL connections to pfSense... but as I said, those two connections are distant, and I cannot connect them to this particular pfSense box.
Some advice is needed.
- ADSL's currently have local gateway addresses (ex. ADSL1:192.168.1.254 & ADSL2:192.168.1.253), pfsense LAN NIC is 192.168.1.250.
What I want is to add those two connections to the load balance pool & use them as if they were physically connected to pfSense... (again, for failover/load balance/etc). Some routing through the LAN NIC is needed, but... are those acrobatics supported, and do they make sense to YOU :-).
Regards
-
Bul, I think there is a problem with both your ADSL routers being on the same subnet. The standard setup cannot do this. Some of the others here more expert than I may know if this can be done.
The way that will definitely work though is to split the 2 ADSL routers onto 2 subnets, and have two NICs and IP addresses assigned in pfSense. This is the way that the standard setup works.
If you use 2 NICs you can plug both into the same physical LAN (not ideal, but it does work), but you should also suppress ARP messages in System - Advanced Functions - shared physical network.
You might be able to multi-home pfSense to use 2 IP addresses on the same NIC, but I do not know if this is possible or how to do it (I do not know much about comms on FreeBSD).
-
No… I think that I did not make it clear... here is a picture for better understanding.
I am thinking about using the two ADSLs with pfSense. They are connected to a switch and work OK when some PC has their IP as GW.
-
OK, as I see it from your diagram:
pfsense does nothing with the 2 ADSL connections
pfsense accepts traffic from the PCs and should load balance the traffic through the WiFi and cable connections.
Is this what you are trying to do?
Is the server in your diagram the wingate server?
-
No, server is Win2003 local domain controller.
What I want is to make use of those two ADSLs through the LAN interface of pfSense…
As I see it, for load balancing and fault tolerance I must:
- route packets to a specific connection
- check if those connections are connected
BOTH of those apply for the ADSLs (or other types of connections connected on the LAN, not to the pfSense box)
I can:
- route packets to the gateways of both ADSLs
- check if those ADSLs are connected
I ask for advice... how can I incorporate these "remote" connections (remote = not connected to pfSense)?
Maybe I can do something with virtual addresses in pfSense...
OR
add nonexistent OPT interfaces and link them to the remote ADSL connections, so pfSense will "think" that those connections are connected physically.
Best regards...
I know that my situation is specific.... and interesting.
-
Why not just add OPT interfaces and physically connect them? It's just ethernet running from the DSL routers/modems. Get a long patch cord or put a mini-switch in to extend to your pfSense box. Add temp VIPs on the LAN side until you switch everyone's gateway. You might want to think about setting up CARP or at least having a cold swap unit, as a hardware failure on your firewall would be more serious if it's everyone's gateway.
-
Yep, you are right about CARP… this will be next step.
I can't connect the ADSLs directly to this particular pfSense (OK, I might, but with too much effort; the ADSLs are about 200 and 250 m distant, three switches away :-) ).
OK, thanks for the help, I will try to do something with routing.
I was sure that someone else also has distant gateways and that there is some out-of-the-box solution.
Best regards.
...any comments are welcome
-
@BUL:
I can't connect the ADSLs directly to this particular pfSense (OK, I might, but with too much effort; the ADSLs are about 200 and 250 m distant, three switches away :-) ).
If you are getting an ethernet cable each from the ADSLs then you should be able to plug the cables into pfSense. That way you will be able to use them as WANs. So instead of plugging them into the switch, you plug them into the pfSense. Doesn't matter how far away they are.
-
Sorry for late response, been on vacation.
No, I seek a solution without plugging them into the pfSense box…
Regards
-
Is it only switches between the ADSL connections and your pfSense box? Are the switches VLAN capable? Or how about putting a pfSense box by the ADSL routers?
-
You would need to setup VLANs assuming that your router supports them.