How to disable load balancing and use failover on a dual WAN config?
-
If you want to connect to an FTP site like ftp://ftp4.freebsd.org/pub/FreeBSD it's most likely that a rule at the top is needed.
Outgoing FTP (LAN -> Internet) UPDATED PORTS, please check!
1. Ensure that the FTP helper is not disabled on Interfaces, LAN.
2. If you have a restrictive ruleset or are utilizing policy-based routing for multiple WANs, then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. I.e.: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy-based routing.
3. If you are running Windows, try turning off the Windows firewall.
-
I just noticed that pfSense is switching back from WAN to OPT1. I disconnected the OPT1 interface and it switched back to WAN; in a matter of minutes it switched back to OPT1 again! It looks like OPT1 is the default no matter what :)!
I can see it on http://www.myip.dk/ as well!
Am I doing something wrong?
-
What does your pool status report (status>loadbalancer)? In case WAN is down though it should not be down, check your monitor IP for reliability.
-
It was all green, I mean WAN is green and OPT1 is yellow, and then it all switched to green. I traced the route to Google and found the third-hop router from the source. I ran ping -t against that router and have not seen any dropped packets. I changed my monitor on WAN to that one and it is still the same.
I also noticed that as soon as OPT1 switches to green, the IP on http://www.myip.dk/ changes to OPT1.
-
Then better check your firewall rules. Maybe you are using some other pools for some special rules? There definitely is no issue with this. I'm using it with a mix of failover and load balance rules at work with 3 WANs. Recheck your configuration.
-
Can using Automatic outbound NAT rule generation (IPsec passthrough), or Sticky Connections be a problem?
-
Advanced outbound NAT won't be a problem. I'm using it as well, as my setup is using CARP VIPs. Not sure about sticky connections, but that might be a problem with failover pools. Disable and retest and report back please.
-
Disabled Sticky Connections, pulled out the OPT1 interface and rebooted pfSense with only one WAN connected to it. As soon as I plugged the OPT1 cable into the NIC it changed the IP to OPT1.
I also don't have any other firewall rules but the one I mentioned above!
Can it be faulty hardware? (I am guessing not?!) I was thinking overnight that my pfSense system runs off a Dell PowerEdge 2600 with an integrated 1GB NIC, which I am using as WAN, and the rest of the NICs are 100M Netgear. Can it possibly be that pfSense assigns priorities based on speeds?
-
I'm out of ideas for now :-\
-
Hi there!
I went further and switched wan interfaces, changed Failover WAN2FailsToWAN. It did not help. I got into the same thing!!!
So I went further and moved rules around. So, from
* LAN net * 172.16.10.0/24 * 172.16.10.1
* LAN net * 172.16.16.0/24 * 172.16.16.1
* * * * * WAN1FailsToWAN2
* * * * * 172.16.16.1
I changed it to:
* LAN net * 172.16.10.0/24 * 172.16.10.1
* LAN net * 172.16.16.0/24 * 172.16.16.1
* * * * * 72.16.16.1
* * * * * WAN2FailsToWAN1
WAN - T1 with 172.16.10.1 gateway
WAN2 - Cable Modem with 172.16.16.1 gateway
So now my WAN2 (Cable Modem) interface has become primary, but as soon as it fails it will not switch to WAN, which is the T1.
I am guessing that the problem has something to do with rules.
Can anyone explain what I am doing wrong???
Thanks.
-
I still think this is a state issue. Does it work if you manually reset states after failover (diagnostics>states, reset states)? If so, it's the effect that I described already above, which is normal.
-
Well, I rebooted pfSense. Then I double-checked the interfaces (IPs and gateways). Load balance showed everything in green. I verified that I was connected through the cable modem IP. Then I pulled the plug off WAN (integrated GB NIC) - T1 and that was it. I can ping from the WAN interface to the T1 router, but I cannot get the Internet to work.
Isn't that strange? Before, I could not get the Internet to work using the GB NIC as my cable modem WAN, and now I cannot get to the Internet through the same GB NIC. But in the second case the GB NIC serves as a T1 WAN (fail over lan)?
-
Thanks Hobo for helping out!!!
This is not the hardware! I just re-did the system on another PC. I set up pfSense on different Internet networks and the setup worked.
Now I stripped everything down to a WAN/LAN setup. I am having a problem even with trying to get out to the Internet. I checked the monitor, the static IP on the cable modem and on the pfSense interface. I enabled a pass any from WAN rule and could not ping the Comcast WAN interface.
Have you ever come across Comcast having issues with their SMC router modems and pfSense?
Thanks again for helping out!!!
-
I have heard from a lot of people using Comcast and pfSense together. One common issue seems to be that the cable modems sometimes need a reboot if you connect a new device (like replacing an old router with pfSense), as they seem to cache the old MAC address for ages in their ARP cache. I also have heard from people where the next-hop gateway seemed to not clear the ARP cache and they had to take down the line for 10-20 minutes before a new pfSense install was working there.
-
Thanks Hobo for info!
I also was wondering if a static IP and an enabled firewall on the cable modem router may also cause problems?
Shall I use DHCP instead?
-
For sure I would shut down the firewall of the cable modem. Maybe that's exactly what's happening, your DHCP IP gets dropped and that's why traffic stops then.
-
All my thanks go to Hobo!!!
You are the man!!!!
That was the SMC 8014 Cable Modem - Comcast businesses gateway problem!!!!
I disabled DHCP and the firewall, and restarted the router a couple of times since it was not renewing the IP. And it worked like a charm!!!!!
Thank you!!!! Thank you!!! Thank you!!!!!
-
Glad this issue finally got resolved :D
-
Sorry to hijack your post V-man but I’m trying to implement the very same thing as you “failover with no load-balance” but I’m not getting as far as you and wonder if one of you could give me some pointers.
My config:
pfSense = v1.2
WAN 20MB = 82.29.156.0/22 SM = 255.255.252.0 GW = 82.29.156.1
Backup (OPT1) 2MB = 82.29.148.0/22 SM = 255.255.252.0 GW = 82.29.148.1
LAN = 192.168.100.0/24 SM = 255.255.255.0 GW = 192.168.100.254
Wireless = 192.168.101.0/24 SM = 255.255.255.0 GW = 192.168.101.254
http://www.cheesyboofs.co.uk/home.htm
I too have read the http://doc.pfsense.org/index.php/MultiWanVersion1.2 document but got completely confused at the sticky connections, as my understanding is that I don’t want any so that if my WAN connection fails my mail server’s mails will be re-routed out the fallback gateway.
So with this in mind I tried to set up a lab environment on some spare hardware dropping the load balance rule from the pools and keeping WAN1->WAN2 and WAN2->WAN1 filters. This is where I got stuck, no matter what I do I cannot get it to fail over to Backup (OPT1) but the fact that others can and the fact that I’m not exactly thick means I must be missing something obvious. I think I’m just getting confused with the terminologies used in PFSENSE when I’m comparing it to other distributions I have used.
Any help you guys can give would be great
-
Did you set the gateway(s) of your LAN rule(s) to the failover pools?