Linking Two pfsense Servers for different tasks
-
Hi
I don't really know what section to put this in sorry if its in the wrong section
I currently have a pfsense server that is dhcp server, captive portal, load balancing 2 x wan, squid proxy and squid gaurd when i have squid enabled the load balancing does not work properly i have 358 users and when squid is turned off the load balancing works brilliant it 2 x 30mb down and 3mb up lines and it runs very fast load shared pretty evenly across the two lines
When i have squid on it gets very slow under heavy traffic and the second line rarely gets used tried different variations of setting to no avail
I have another server and was wondering if i install it as load-balancing only then use the LAN on this as the wan for the existing server would this help with the load-balancing and proxy running together
Also would you reccomend a setup like this or would this be no help
Also how would i log into the load balancer server when its setup from the lan
-
I'm pretty new to pfSense, so someone with more experience would probably be better here. However, I don't see why it wouldn't work. You would just create a network that is only between the two pfSense boxes. Getting into the load balancing pfSense box would just require that you type in that one's ip address. The box that all the users will be behind will forward that request to the next network in which the box connected to the internet will respond.
I think I remember seeing that Squid is not working with load balancing. I'm not sure if that will be changed in 2.0 or not, but having two boxes should fix the issue.
-
It will work but there are a few things you need to take note of.
Any servers you have behind the 2nd box needs to have AoN setup for them (double Nat too).
e.g. On Load Balancer, you need to NAT WAN port 80 to say, destination port 9090 on the 2nd pfsense WAN IP. On the 2nd box, you need to NAT 9090 to server IP port 80. Manual AoN needs to be setup to statically NAT the server 80 to outgoing 9090 and on the first box, 9090 to 80. This should remove any problems with hosting servers.You will use a private IP subnet between the 2 boxes and so you MUST allow private IP addresses on the Squid box's WAN interface.
To reach the load balancer's WebGUI, simply punch in it's LAN ip. The first box ( the squid box) will know how to route the request.
-
Thank you so much for your reply
unfortunately i have only had the time now to revisit this task
I have a general understanding of pfsense so please forgive my ignorance
If i understand correctly the 1st box will be the load balancer and the 2nd box will be dhcp,dns,captive portal squid, etc
you mentioned to setup an aon i am sorry that one I have not come across before and after googling i can not find an explanation if you could help me i would be very grateful
the Nat of the ports, if i understand correctly is 1st box Nat port 80 to 9090 than 2nd box is 9090 to 80
The private subent i will set up also
I will attempt today and report back
-
Hi sorry about the AON found it in the Nat section on the web GUI its Advanced Outbound NAT i'm can be stupid at the best of times
I set the lan on the 1st box to 10.0.0.1
the wan on 2nd box is 10.0.0.2
the lan on 2nd box is 192.168.1.1
to be honest it seems to be working very good with out forwarding the ports i can log into both boxes and web seems to be routing fine but i am sure there is a reason for the forwarding of the ports so i will set that up next
are these address ranges fine or does anyone recommend better ranges to use
-
I'm using two pfsense boxes. too.
WAN1 –
--- pfSense1 - LAN -172.16.0.0/16 - WAN - pfSense2 - LAN - 172.17.0.0/16
WAN2 --/pfSense1 is using LoadBalancing
pfSense2 is using SQUID + Lightsquidit ist NOT necessary to double NAT on pfSense1 and pfSense2. I do NAT on pfSense1 to the internet, but I use pfSense2 as a router/firewall WITHOUT NAT. To disable NAT, you can google or find information in the pfSense docs ( http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F.
It works for me fine. But you need to configure Static Routes on pfSense1.