PFsense 2.0RC2 Dual Wan Loadbalance

heper

well, it depends what you want.

do you want loadbalancing or failover ?

loadbalancing includes failover.

failover does not include loadbalance.

It is possible you'd want both. for example you could want to loadbalance http traffic, but only want failover for https/ssh/…

but generally you would just need 1 rule to setup loadbalance or failover.

so i'd suggest you remove all the rules in your lan tab except the bottom one. So leave only the one having "loadbalanceWans" as gateway.  Then check in system-->routing if the "loadbalanceWans" group has all the gateways in the same tier.

This should be enough for basic loadbalancing+failover.

Nachtfalke

@wifijunkie
first rule for accessing subnet on WAN1

• • • WAN1 net * WAN1 none
      first rule for accessing subnet on WAN2
• • • WAN2 net * WAN2 none
      third rule for LoadBalancing
• • • • * LoadBalancingGroupe none

You do not need seperate Failover rules. This wa sin pfsense 1.2.3
In pfsense 2.0 you use groups. If both lines in a groupe have the same Tier, then they do LoadBalancing. If one line goes down, it automatically switchs over to the other line. So you just need one rule for LoadBalancing/Failover.

@heper
The firewall rules apply from TOP to DOWN

As far as I know - I do not use manual outbound NAT - this rules apply from BOTTOM to TOP

The firewall rule example I made at the beginning of my post has the correct order.

jikjik101

@Nachtfalke:

@wifijunkie
first rule for accessing subnet on WAN1

• • • WAN1 net * WAN1 none
      first rule for accessing subnet on WAN2
• • • WAN2 net * WAN2 none
      third rule for LoadBalancing
• • • • * LoadBalancingGroupe none

Sir,

Do i still need the first and second rule for loadbalance or the third rule is sufficient enough?
I'm sorry, I'm confused with your post as well as with heper's.

So in my FLOATING tab, this rule is enough to loadbalance and failover if my gateways are on same tier?

• • • • * LoadBalancingGroup none

Nachtfalke

I do not use floating rules.

I just use these 3 rules for loadbalancing with to DSL connections.

1.) first rule for accessing subnet on WAN1
*    *    *    WAN1 net    *    WAN1    none

2.) first rule for accessing subnet on WAN2
*    *    *    WAN2 net    *    WAN2    none

3.) third rule for LoadBalancing
*    *    *    *            *    LoadBalancingGroupe    none

The first 1.) and the second 2.) rules are only that I can connect the particular WAN subnet.

DSL1–-WAN1-Router(IP 192.168.200.1)-----
                                                              pfsense(IP 192.168.50.1)----Client(IP192.168.50.20)
DSL2---WAN2-Router(IP 192.168.100.1)-----/

If I onle use LoadBalance as Gateway in my firewall rules, and the client would like to connect to the WAN1-Router with the IP 192.168.200.1 then it is NOT sure to reche it, BECAUSE the LoadBalancer in pfsense does Round Robin. So it may be possible, that my connection goes out over WAN2-Router and then will not reach the IP 192.168.200.1
To make sure, that this works correct, I/you have to use the rules 1.) and rule 2.) above the LoadBalancing rule 3.)

heper

you don't need any rules in the floating tab.

if you put nachtfalke's rule #3 in you LAN tab then you should be good to go

geeknik

This is what load balancing an 18mbit uverse and 6mbit dsl connection gives me on http://www.speedtest.net:

I can get anywhere from 2.2MB - 2.4MB/s download on torrents and such. I'm happy. ;)

Nachtfalke

I don't know if you really know, what LoadBalancing in pfsense means. LoadBalancing in pfsense uses Round Robin.

If you are downloading one file and you use LoadBalancing, than you could download this file with 18Mbit/s OR 6Mbit/s but you will NEVER get 24Mbit/s while downloading one file!

If you are downlaoding two files, than one can be downloaded with 18Mbit/s and the other file with 6Mbit/s. LoadBalancing increases you overall bandwith but it will not increase your download speed.

asterix

That's correct.

But you can still increase your download speed if you are downloading torrents. It takes advantage of the multiple connections and uses both lines to give you the full bandwidth simultaneously.

Nachtfalke

@asterix:

That's correct.

But you can still increase your download speed if you are downloading torrents. It takes advantage of the multiple connections and uses both lines to give you the full bandwidth simultaneously.

Nothing else I said before :-)

jikjik101

Thanks for the help. I think I got it now, but I cannot test it yet because my default ISP is down.
But in my firewall log, all traffics are going out to the my default ISP even it is down. Is this okey?
I just put the:

1.) first rule for accessing subnet on WAN1
*    *    *    WAN1 net    *    WAN1    none

2.) first rule for accessing subnet on WAN2
*    *    *    WAN2 net    *    WAN2    none

3.) third rule for LoadBalancing
*    *    *    *            *    LoadBalancingGroupe    non

Trigger: Packet loss