Multi wan load balancing
-
Hi Guy's
My First post here, thanks for helping!
For the last week i have tried every solution offered on the wiki and everything available on Google search and i still can not get load balancing to work.
I have PFsense 2.0.2 running, with 2 Wan connections.
on PF we are running squid Proxy with Squid Guard to help filter out unwanted web content from popping up on the Schools computers.I have setup the gateway group, set the firewall rules to use the group as the default gateway, set floating rules, followed settings for dns.
tried my own variation of settings… But traffic only goes through one of the WAN connections (i have also tried all of the suggested settings in squid)Any one able to offer a bit of help?
Ill post screen shots of all of my settings as well.Thanks
-
post your settings and we might be able to help.
-
Her is a link to my settings, i have removed the floating rule.
https://skydrive.live.com/redir?resid=B6EBE8BF898FB9A4!194&authkey=!AGdkaMcBxaZdJ04
-
Your link to the settings is too small to read - even with magnification I cannot read the details.
Meantime - a suggestion. If you direct the firewall rule to use each wan (in turn) does traffic get redirected correctly to each WAN?
-
Thanks for the response
I have tried your previous suggestion and traffic flows correctly depending on the firewall rules.
Hopefully you can see this picture in a bit more details, if not i can only get better screens tomorrow.But here is some info on my setup:
1x Lan and 2x wan connections that go to 2 ROS servers, on each of the ROS servers we are running 5 different vpn connections.
|–----VPN------
|------VPN------
|------VPN------
|------VPN------
|------VPN------
|---------- ROS (10Mb Fiber)
--------PFSENSE
|---------- ROS (10Mb Fiber)
|------VPN------
|------VPN------
|------VPN------
|------VPN------
|------VPN------
PFSENSE Pacages:
Squid (transparent mode)
Squid Guard (used for Blacklist and forcing Safesearch)
Sarg Reports (User Usage reports)PFsense Setup:
Lan: 172.16.0.1
Wan 1: 192.168.0.1
Wan 2: 192.168.2.3Gateway Group: Rosgroup (contains both gateways on the same level)
Firewall rules :
LAN: all traffic directed to use the Rosgroup as the default gateway.
Floating: I have removed the floating rule because it did not seem to change anything.Nat: Automatic (i have set manual NAT settings but no success)
-
I am still working on this issue myself, But … Can you please try this.
Please uninstall squid ( Dont stop it, .. Remove it.)
Make sure your Multi Wan GW and rules are setup
and then hop on a site like...www.dnsleaktest.com does the wan LB?
I am having issues myself also with this I have not spent much time on it, Looking to work on it next week sometime., I can tell you thou, I would put a case a beer down that its squid that's causing your issue. I have read everything I have been able to find and nothing has worked so far. I will keep in touch on this post , let's get this one solved !!!! :)
-
had you tried this? http://forum.pfsense.org/index.php/topic,37083.0.html
sometimes for squid to loadbalance, you need a lot of LUCK. ;D
i installed a multiwan loadbalance with squid for many times already, but my latest installation is unsuccessful. maybe it's 2.0.2, or maybe not.try putting the tcp_outgoing_address 127.0.0.1; at Customs Option of your proxy.
that is step 6, page 8 on that HOWTO. -
had you tried this? http://forum.pfsense.org/index.php/topic,37083.0.html
sometimes for squid to loadbalance, you need a lot of LUCK. ;D
i installed a multiwan loadbalance with squid for many times already, but my latest installation is unsuccessful. maybe it's 2.0.2, or maybe not.try putting the tcp_outgoing_address 127.0.0.1; at Customs Option of your proxy.
that is step 6, page 8 on that HOWTO.Ahhh so i'm not the only one who feels that way ;)
I know I have tried with the outgoing address, will try again later today and follow up. But.. On the note of maybe it being 2.0.2, you may be on to something there I might fallback to 2.0.1 and try that way also.
-
http://forum.pfsense.org/index.php/topic,59605.0.html
