Dual WAN - Time Based Gateway Changes
-
Easy approaches are the best :)
I would create a failover-pool with the satellite link as primary connection.
Then buy a timer for the power of the satellite receiver.
Like this one: http://home-solutions.hsn.com/improvements-digital-timer_pf-1031862_xp.aspx?club_id=1031862&sz=888&sf=HW0060&rdr=1&cm_mmc=Shopping%20Engine--NexTag--Home%20Solutions-_-Improvements%20Digital%20Timer%203957865And just set it so the sat receiver has no power for the time you dont want to use it ;)
-
I can see how that would work, but I can't imagine there is no other way to do it. There has got to be a way to setup a time based rule that can change the DG. Or have traffic that hits the firewall on a particular virtual IP be sent out the Sat connection.
-
On 2.0 in about 2 days will be the functionality through schedules.
-
Ermal,
I believe I am currently on 1.2.2. Will it be on the 2.0 release via a CVS snapshot? or is this a full 2.0 release?
Thanks,
Joshua
-
Its just a snapshot and only in the ALPHA based on 8 so not really suitable for now for production.
I will see if i can merge it on the 7.2 builds. -
I'd be happy to try it out. I grabbed the latest snapshot, but I think it was a 7.2 build. Can you point me at the latest ISO that would have it?
Thanks,
Joshua
-
http://snapshots.pfsense.org/FreeBSD8/HEAD/
-
Great! I'll try this out and see how the time based gateway rules work. Thanks again for pointing me at these.
-
Quick question, will the config from the 1.2 system I have work with the new version? Or do I need to manually rebuild all the rules and config etc?
-
It should upgrade correctly.
-
Well the policy based routing seems to be up and working. The only thing that is not working right now seems to be the RRD traffic graphs.
I've tried a few different CVS builds. But they all seem to have the same issue. I'm currently using:pfSense-Full-Update-2.0-ALPHA-ALPHA-20090505-1808.tgz
I get the following error: pfSense php: /status_rrd_graph_img.php: Failed to create graph with error code 1, the error is: ERROR: No DS called 'inpass' in '/var/db/rrd/wan
-traffic.rrd'/usr/bin/nice -n20 /usr/local/bin/rrdtool graph /tmp/wan-traffic.rr
d-16h.png –start -57600 -e -60 --vertical-label "bits/sec" --color SHADEA#eeeee
e --color SHADEB#eeeeee --title "hostname- WAN :: Traffic - 16 hours - 1 minu
te average" --height 200 --width 620 -x "MINUTE:30:HOUR:1:HOUR:1:0:%H" DEF:wan-i
n_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass:AVERAGE DEF:wan-out_bytes_pass=/
var/db/rrd/wan-traffic.rrd:outpass:AVERAGE DEF:wan-in_bytes_block=/var/db/rrd/wa
n-traffic.rrd:inblock:AVERAGE DEF:wan-out_bytes_block=/var/db/rrd/wan-traffic.rr
d:outblock:AVERAGE CDEF:"wan-in_bits_pass=wan-in_bytes_pass,8," CDEF:"wan-out_b
its_pass=wan-out_bytes_pass,8," CDEF:"wan-in_bits_block=wan-in_bytes_block,8,"
CDEF:"wan-out_bits_block=wan-out_bytes_block,8," CDEF:"wan-in_bytes=wan-in_byt
es_pass,wan-in_bytes_block,+" CDEF:"wan-out_bytes=wan-out_bytes_pass -
I found a link to fix the issue - http://forum.pfsense.org/index.php/topic,10855.msg69541.html#msg69541
-
So, I'm finding that while the rules work, when the policy based routing cuts over, the actual traffic doesn't cut over for a while. If I reset the state table, then everything routes properly. Is there any way to do that via a script or shell command? Then I could setup a simple cron job to reset the state table after the WAN cutover.
Any ideas?
-
What you are seeing is normal intended behaviour, I am sure you can kill the traffic, but the failover is always gradual so that stuff just keeps working.
I don't want filter reloads at work to shoot down the box.
-
If you are using schedules and polict-routing rules it should be fixed in last snapshots.
