Netgate Discussion Forum

    Linking Two pfsense Servers for different tasks

    General pfSense Questions
    6 Posts 4 Posters 2.5k Views
    • byrnie

      Hi

      I don't really know what section to put this in, sorry if it's in the wrong section.

      I currently have a pfSense server that is DHCP server, captive portal, load balancing 2 x WAN, Squid proxy and SquidGuard. When I have Squid enabled the load balancing does not work properly. I have 358 users, and when Squid is turned off the load balancing works brilliantly: it's 2 x 30mb down and 3mb up lines and it runs very fast, with load shared pretty evenly across the two lines.

      When I have Squid on it gets very slow under heavy traffic and the second line rarely gets used. I have tried different variations of settings to no avail.

      I have another server and was wondering: if I install it as load-balancing only, then use the LAN on this as the WAN for the existing server, would this help with the load balancing and proxy running together?

      Also, would you recommend a setup like this, or would this be no help?

      Also, how would I log into the load balancer server when it's set up from the LAN?

      • tubaguy50035

        I'm pretty new to pfSense, so someone with more experience would probably be better here. However, I don't see why it wouldn't work. You would just create a network that is only between the two pfSense boxes. Getting into the load balancing pfSense box would just require that you type in that one's IP address. The box that all the users will be behind will forward that request to the next network, in which the box connected to the internet will respond.

        I think I remember seeing that Squid is not working with load balancing.  I'm not sure if that will be changed in 2.0 or not, but having two boxes should fix the issue.

        • dreamslacker

          It will work but there are a few things you need to take note of.

          Any servers you have behind the 2nd box need to have AoN set up for them (double NAT too).
          e.g. On the load balancer, you need to NAT WAN port 80 to, say, destination port 9090 on the 2nd pfSense WAN IP. On the 2nd box, you need to NAT 9090 to server IP port 80. Manual AoN needs to be set up to statically NAT the server 80 to outgoing 9090 and on the first box, 9090 to 80. This should remove any problems with hosting servers.

          You will use a private IP subnet between the 2 boxes and so you MUST allow private IP addresses on the Squid box's WAN interface.

          To reach the load balancer's WebGUI, simply punch in its LAN IP. The first box (the Squid box) will know how to route the request.

          • byrnie

            Thank you so much for your reply.

            Unfortunately I have only now had the time to revisit this task.

            I have a general understanding of pfSense, so please forgive my ignorance.

            If I understand correctly, the 1st box will be the load balancer and the 2nd box will be DHCP, DNS, captive portal, Squid, etc.

            You mentioned setting up an AoN. I am sorry, that is one I have not come across before, and after googling I cannot find an explanation. If you could help me I would be very grateful.

            The NAT of the ports, if I understand correctly, is: 1st box NAT port 80 to 9090, then 2nd box is 9090 to 80.

            The private subnet I will set up also.

            I will attempt today and report back.

            • byrnie

              Hi, sorry about the AON, I found it in the NAT section of the web GUI: it's Advanced Outbound NAT. I can be stupid at the best of times.

              I set the LAN on the 1st box to 10.0.0.1

              the WAN on 2nd box is 10.0.0.2

              the LAN on 2nd box is 192.168.1.1

              To be honest it seems to be working very well without forwarding the ports. I can log into both boxes and web seems to be routing fine, but I am sure there is a reason for the forwarding of the ports, so I will set that up next.

              Are these address ranges fine, or does anyone recommend better ranges to use?

              • Nachtfalke

                I'm using two pfSense boxes, too.

                WAN1 --\
                        --- pfSense1 - LAN - 172.16.0.0/16 - WAN - pfSense2 - LAN - 172.17.0.0/16
                WAN2 --/

                pfSense1 is using LoadBalancing
                pfSense2 is using SQUID + Lightsquid

                It is NOT necessary to double NAT on pfSense1 and pfSense2. I do NAT on pfSense1 to the internet, but I use pfSense2 as a router/firewall WITHOUT NAT. To disable NAT, you can google or find information in the pfSense docs (http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F).

                It works for me fine. But you need to configure Static Routes on pfSense1.

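The address-plan points raised in this thread (a private transit subnet on the inner WAN, double NAT versus routing with a static route on the outer box), as an added Python example that is not code from any poster or from pfSense. The function name `check_cascade`, the /24 masks for byrnie's addresses and the host addresses inside Nachtfalke's subnets are assumptions made for illustration.

```python
import ipaddress as ip

def check_cascade(outer_lan_if, inner_wan_if, inner_lan_if, inner_nat):
    """Return (findings, static_routes) for an outer load balancer feeding an inner Squid box.

    Interfaces are 'address/prefix' strings; inner_nat says whether the
    inner box still translates its LAN (double NAT) or only routes.
    """
    outer_lan = ip.ip_interface(outer_lan_if)
    inner_wan = ip.ip_interface(inner_wan_if)
    inner_lan = ip.ip_interface(inner_lan_if)
    findings, routes = [], []

    # Both boxes must share the transit subnet to reach each other.
    if inner_wan.network != outer_lan.network:
        findings.append("inner WAN is not on the outer LAN subnet")
    if inner_wan.ip == outer_lan.ip:
        findings.append("inner WAN and outer LAN share one address")
    # Overlapping subnets on both sides of the inner box break routing.
    if inner_lan.network.overlaps(outer_lan.network):
        findings.append("inner LAN overlaps the transit subnet")
    # The upstream is private address space, so the inner WAN must not
    # block private sources (the point dreamslacker makes).
    if inner_wan.ip.is_private:
        findings.append("allow private addresses on the inner WAN")
    if inner_nat:
        findings.append("double NAT: inbound services need a port forward on each box")
    else:
        # Without NAT the outer box sees real client addresses, so it needs
        # a route back to the inner LAN via the inner box's WAN address.
        routes.append((str(inner_lan.network), str(inner_wan.ip)))
    return findings, routes

# byrnie's addresses (the /24 masks are assumed), inner box still doing NAT.
BYRNIE = check_cascade("10.0.0.1/24", "10.0.0.2/24", "192.168.1.1/24", inner_nat=True)
# Nachtfalke's subnets, inner box routing only; host addresses are constructed.
NACHTFALKE = check_cascade("172.16.0.1/16", "172.16.0.2/16", "172.17.0.1/16", inner_nat=False)

if __name__ == "__main__":
    for name, (findings, routes) in (("byrnie", BYRNIE), ("Nachtfalke", NACHTFALKE)):
        print(name, findings, routes)
```

Each tuple in the returned route list is (destination network, gateway) for a static route on the outer box.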
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.