Howto Multi WAN-Load Balancing and failover with pfsense 2.0-BETA4
-
And, no more relevant with only one firewall rule and one gateway group, but anyway I want to mention that, your screenshot of firewall shows the failover rule before the loadbalancing rule. Since the first rule to match triggers the event of leaving firewall rules, you will only get failover with one line active with your ruleset. As any traffic from lan subnet will be redirected to failover gateway pool, which has two different Tiers, so as long as the Tier1 gateway is online, no traffic will be passed to Gateway with Tier2.
You're right, thanks for pointing out. The failover rule before loadbalancing forces the traffic to go always via the online gateway with more priority Tier. That kind of failover rule is generally used when we want some specific traffic to go via certain gateway, for example:
Proto Source Port Dest Port Gateway Description TCP LAN net * * 22 (SSH) Wan1FailoverWan2 LAN -> WAN1|WAN2 * LAN net * * * Wan1BalanceWan2 LAN -> WAN1+WAN2The above Firewall rules make all outbound SSH traffic to go via WAN1, and if it is down via WAN2. And load balance between WAN1 and WAN2 all else traffic.
-
i'm not sure, if your attempt with 3 gateway groups with same ruleset in firewall will work as you desired. If you have some spare time to check, i would appreciate your efforts.
Yesterday I've configured a virtual network with pfsense pfSense-2.0-BETA4-20100905-1704(i386) and 2 routers. I created a Load Balance group (same tier). Then I applied the Firewall Load Balance rule and made sure that I had a DNS for each provider.
Load Balancing worked fine, but for whatever reason failover didn't work. The gateway was correctly marked as offline, but it didn't affect my pfsense routing tables…
Today, I repeated the tests with pfSense-2.0-BETA4-20100911-1502 (i386), but I got even worse results. Not only it didn't work, but the Gateway Status were always 'unknown'. Fortunately, I'm not using pfsense 2.0 in production environments. :)
As I wasn't able to make L.B. and failover work with just 2 gateways, obviously I didn't go for 3. I'll probably repeat the tests in a couple of weeks or so. Sorry.
-
Hi guys… I tried to configure the gateways in failover mode, like daedalous, and don´t work.
-I configure 2 gateways (1 cable modem and 1 ADSL). I put the monitor IP and Advanced options (weight and Packet Loss thresholds).
-I make the group, Cable Tier1 and ADSL Tier2, tigger by packet loss.
-Put the Firewall-> Rule with advanced option Gateway and select the correct gateway group.
When I go to Status->Gateways menu I see the gateways status it´s Online.
But the status Gateways Group it´s Unknown
In the Status->System Log I can see:
Sep 12 21:58:52 php: : The gateway: Fiber_failover_Arnet is invalid/unkown not using it. Sep 12 21:58:52 php: : The gateway: Fiber_failover_Arnet is invalid/unkown not using it. Sep 12 21:58:52 php: : Gateways status could not be determined, considering all as up/active.Iam using the latest version available online:
8.1-RELEASE FreeBSD 8.1-RELEASE #1: Sat Sep 11 15:29:22This must be related to:
http://forum.pfsense.org/index.php/topic,28212.0.htmlPatricio
-
Today, I repeated the tests with pfSense-2.0-BETA4-20100911-1502 (i386), but I got even worse results. Not only it didn't work, but the Gateway Status were always 'unknown'.
Same for me, demarchip, the devel team has made some change that affect gw groups, making impossible to get working load balance or failover.
ticket
#889, #876 explains the issue:
http://redmine.pfsense.org/issues/876 -
i'm using BETA 4 Sep 11 release now and Load Balancing seems not to work
-
Yes, it is broken at the moment, hopefully fixed soon.
-
What part of "it's broken at the moment" implied it should be fixed yet? :-)
-
I haven't had a chance to try it yet but there were some fixes checked in. If you update and then gitsync, and maybe reboot after that, it would be worth trying.
-
hufft..
i still cant use load balance.. can you help me? sorry for my bad english -
hufft..
i still cant use load balance.. can you help me? sorry for my bad englishThe pictures don't load.
Try writing what have you triad to do… -
http://tujuhcahaya.com/oray/pfsense/1.jpg http://tujuhcahaya.com/oray/pfsense/2.jpg http://tujuhcahaya.com/oray/pfsense/3.jpgthat is the adress.. im sorry..
-
http://tujuhcahaya.com/oray/pfsense/1.jpg http://tujuhcahaya.com/oray/pfsense/2.jpg http://tujuhcahaya.com/oray/pfsense/3.jpgthat is the adress.. im sorry..
