PFsense 2.0RC2 Dual Wan Loadbalance
-
It works. Not enough there to tell you anything about your setup specifically.
-
I can confirm, it does in fact work… :)
-
My setup is as follows
WAN = 192.168.100.5 with GW 192.168.100.1 <– this i can ping from any lan interface wit no problems
WAN2 = 192.168.50.254 with GW 192.168.50.1 <-- I can't ping this gateway from any lan interface
WAN is a 10mbits 4G connection and WAN2 is a 3mbits adsl connection.
I have setup the gateway group WAN -Tier1 and WAN2 - tier1 and called it MultiGW
I have setup a rule for a lan interface to use the MultiGW.
What am I missing?
-
You need a rule above the rule that load balances for the directly attached networks, i.e. if you want to be able to hit 192.168.50.1 or 100.1, otherwise it will route that traffic to the load balance pool which may go out the wrong WAN and hence won't work. As is, it will load balance traffic outbound but you won't be able to reliably hit the modems.
-
@cmb:
You need a rule above the rule that load balances for the directly attached networks, i.e. if you want to be able to hit 192.168.50.1 or 100.1, otherwise it will route that traffic to the load balance pool which may go out the wrong WAN and hence won't work. As is, it will load balance traffic outbound but you won't be able to reliably hit the modems.
Sorry for i dont quite understand what you want me to do. How should I set those rules up?
-
Got it to work. I forgot to set up the outbound rules because i have the Manual Outbound NAT rule generation active.
-
Got it to work. I forgot to set up the outbound rules because i have the Manual Outbound NAT rule generation active.
Can you show your rules here? I have load balancing working here (1x 18mbit adsl2 and 1x 6mbit adsl) but I can only ping 1 of the 2 modems. ;)
-
You have the same problem as described above. because you have balancing your pings will be balanced across the two modems. Which probably means all your pings go to one mode as you dont have enough load to get pf to send traffic to the second one yet.
Turn off modem 1 and I bet you can then ping modem 2 :)
-
Does this look right?
-
too many rules ….
you don't need to specify a failover an loadbalance for each wan interface.
the way you have your rules setup there , they will override each other. (the rules are processed from bottom to top)
So rules higher up will override lower ones -
How would you set up failover and loadbalance? which rules should edit or remove?
too many rules ….
you don't need to specify a failover an loadbalance for each wan interface.
the way you have your rules setup there , they will override each other. (the rules are processed from bottom to top)
So rules higher up will override lower ones -
well, it depends what you want.
do you want loadbalancing or failover ?
loadbalancing includes failover.
failover does not include loadbalance.
It is possible you'd want both. for example you could want to loadbalance http traffic, but only want failover for https/ssh/…
but generally you would just need 1 rule to setup loadbalance or failover.
so i'd suggest you remove all the rules in your lan tab except the bottom one. So leave only the one having "loadbalanceWans" as gateway. Then check in system-->routing if the "loadbalanceWans" group has all the gateways in the same tier.
This should be enough for basic loadbalancing+failover.
-
@wifijunkie
first rule for accessing subnet on WAN1-
-
- WAN1 net * WAN1 none
first rule for accessing subnet on WAN2
- WAN1 net * WAN1 none
-
-
-
- WAN2 net * WAN2 none
third rule for LoadBalancing
- WAN2 net * WAN2 none
-
-
-
-
- * LoadBalancingGroupe none
-
-
You do not need seperate Failover rules. This wa sin pfsense 1.2.3
In pfsense 2.0 you use groups. If both lines in a groupe have the same Tier, then they do LoadBalancing. If one line goes down, it automatically switchs over to the other line. So you just need one rule for LoadBalancing/Failover.@heper
The firewall rules apply from TOP to DOWNAs far as I know - I do not use manual outbound NAT - this rules apply from BOTTOM to TOP
The firewall rule example I made at the beginning of my post has the correct order.
-
-
@wifijunkie
first rule for accessing subnet on WAN1-
-
- WAN1 net * WAN1 none
first rule for accessing subnet on WAN2
- WAN1 net * WAN1 none
-
-
-
- WAN2 net * WAN2 none
third rule for LoadBalancing
- WAN2 net * WAN2 none
-
-
-
-
- * LoadBalancingGroupe none
-
-
Sir,
Do i still need the first and second rule for loadbalance or the third rule is sufficient enough?
I'm sorry, I'm confused with your post as well as with heper's.So in my FLOATING tab, this rule is enough to loadbalance and failover if my gateways are on same tier?
-
-
-
- * LoadBalancingGroup none
-
-
-
-
I do not use floating rules.
I just use these 3 rules for loadbalancing with to DSL connections.
1.) first rule for accessing subnet on WAN1
* * * WAN1 net * WAN1 none2.) first rule for accessing subnet on WAN2
* * * WAN2 net * WAN2 none3.) third rule for LoadBalancing
* * * * * LoadBalancingGroupe noneThe first 1.) and the second 2.) rules are only that I can connect the particular WAN subnet.
DSL1–-WAN1-Router(IP 192.168.200.1)-----
pfsense(IP 192.168.50.1)----Client(IP192.168.50.20)
DSL2---WAN2-Router(IP 192.168.100.1)-----/If I onle use LoadBalance as Gateway in my firewall rules, and the client would like to connect to the WAN1-Router with the IP 192.168.200.1 then it is NOT sure to reche it, BECAUSE the LoadBalancer in pfsense does Round Robin. So it may be possible, that my connection goes out over WAN2-Router and then will not reach the IP 192.168.200.1
To make sure, that this works correct, I/you have to use the rules 1.) and rule 2.) above the LoadBalancing rule 3.) -
you don't need any rules in the floating tab.
if you put nachtfalke's rule #3 in you LAN tab then you should be good to go
-
This is what load balancing an 18mbit uverse and 6mbit dsl connection gives me on http://www.speedtest.net:
I can get anywhere from 2.2MB - 2.4MB/s download on torrents and such. I'm happy. ;)
-
I don't know if you really know, what LoadBalancing in pfsense means. LoadBalancing in pfsense uses Round Robin.
If you are downloading one file and you use LoadBalancing, than you could download this file with 18Mbit/s OR 6Mbit/s but you will NEVER get 24Mbit/s while downloading one file!
If you are downlaoding two files, than one can be downloaded with 18Mbit/s and the other file with 6Mbit/s. LoadBalancing increases you overall bandwith but it will not increase your download speed.
-
That's correct.
But you can still increase your download speed if you are downloading torrents. It takes advantage of the multiple connections and uses both lines to give you the full bandwidth simultaneously.
-
That's correct.
But you can still increase your download speed if you are downloading torrents. It takes advantage of the multiple connections and uses both lines to give you the full bandwidth simultaneously.
Nothing else I said before :-)