Pool, ponds and other Sticky stuff
-
Hello all
First off thanks to all who have created or contributed to pfsense being what it is
and also much thanks to those who provide support on this forum it has been a wealth of info for me
I have been lurking for quite some time here
but until now I have always found the info I needed searching the forums
and didn't need to post for assistance

But I am having some difficulties getting the multi wan load balancing to work correctly (understatement of the year lol!)
Anyways I have followed the MultiWAN 1.2 guide and had no success with it at all
but after some self experimenting with my own rules I am pretty sure I have it now using both wans
as the graphs from the dashboard do show almost equal traffic on both pipes anyways
but I am getting a lot of timeouts and page not founds which would on
the surface appear to be dns problems but I suspect it is more likely due to the sticky connections setting
as some other posts refer to it as being an issue

But in my case sticky connections is no longer even a listed option ::)
In the system advanced tab under load balancing there is a save button but nothing else
the tic box and description for stickies is gone but it was there before
any ideas on that one? I am using version 1.2-RC4

Also my rules look nothing like some of the examples I have seen …go figure lol!
My load balance pool for example is simply wan and opt1 (wan2)
with no failover pools oddly though if I unplug one connection
it does seem to failover to the other connection regardless

I would say my setup is pretty basic really I have 2 x 6 meg DSL connections both with static IPs
unfortunately though I have had to use the second dsl modem's internal pppoe connection interface
to make wan 2's pppoe connection work which gives wan 2 a 192.168.2.1 address on pfsense

Which is currently not a big deal but since
there is a one pppoe connection limit on the wans in pfsense
is there any way to have more than one pppoe connection?
I would eventually like to add a third WAN line but with both the dsl modems I have
it seems I cannot change the modems' internal IP address of 192.168.2.1
which then means that any others I might add would also have the same WAN gateway IP
(which I have read wouldn't work at all)

Anyways I would greatly appreciate any assistance anyone would be willing to provide as to
how to actually configure this and have it perform well
there is no doubt in my mind that pfsense functions just fine and my settings are likely all wrong :(

Could someone provide a configuration example for me to muddle my way through
Thanks & Best Regards
MD
-
Did you set up static routes for the ISP DNS servers? Why don't you post your settings so that we can see what has been done?
-
Hello sai
thanks for the reply
Nope I didn't see anything in the MultiWanVersion1.2 guide
that refers to having to create any static routes :(
I also don't have the DMZ 1 & 2 that they show as
it was unclear to me where to put that info so I ignored it
(I thought it was actually meant to be put into the dsl modems settings somewhere
which isn't even an option in my case)

because the sticky connections is completely missing from my menu
I am thinking that the pf box has gotten borked and probably related to
squid … I had tested running squid before and found it actually seemed to slow things
down so I uninstalled it
but I have read numerous posts on issues with squid

I am expecting to do a complete reinstall of pf on this box
but would really appreciate some form of definitive guide on the steps necessary
to set it up properly for a relative newbie to this
it is rather unclear imho

I will try and create an outline of the steps I am following
if someone can make corrections
to my posts hopefully I will get it right for any others who need the help
after it is functional I would be happy to post some screen shots for others
as I think screenies may help us newbs more than anything

1) In my case my dsl modems offer no method to change any settings so
wan is set to pppoe and opt1(wan2) is set to DHCP and wan2s connection
shows up as gateway 192.168.2.1 and gives pf a 192.168.2.x address

2) pfSense general settings
Primary DNS server 207.164.234.193
Secondary DNS server 207.164.234.129
(both my dsl lines use the same DNS servers but have different gateway ips)
Allow DNS server list to be overridden by DHCP/PPP on WAN is Unchecked

3) Under 'Services' - 'DNS Forwarder', on
Register DHCP leases in DNS forwarder on
Register DHCP static mappings in DNS forwarder on

4) Interfaces - OPT1
enable Optional 1 interface checked
Type DHCP
Bridge with None
IP address None (would it be best to assign it a static of say 192.168.2.2)
Gateway 192.168.2.1

5) Setting Pools
Pool1
name LoadBalance
description LoadBalance
Type Gateway
Behavior Load Balancing
Port Unused
1st Monitor IP DNS server 207.164.234.193
1st Interface name WAN
2nd Monitor IP DNS server 207.164.234.129
2nd Interface name WAN 2
pool2
name WAN1FailsToWAN2
description WAN1FailsToWAN2
Type Gateway
Behavior Failover
Port Unused
1st Monitor IP DNS server 207.164.234.129
1st Interface name WAN2
2nd Monitor IP DNS server 207.164.234.193
2nd Interface name WAN
pool3
name WAN2FailsToWAN1
description WAN2FailsToWAN1
Type Gateway
Behavior Failover
Port Unused
1st Monitor IP DNS server 207.164.234.193
1st Interface name WAN
2nd Monitor IP DNS server 207.164.234.129
2nd Interface name WAN2

6) Sticky Connections unsure to enable or not lol!

7) Firewall Rules
Rule Load Balance
Position in rule list Last
Action Pass
Disabled Unchecked
Interface LAN
Protocol any
Source LAN subnet
Source OS any
Destination any
Log no
Schedule none
Gateway LoadBalance
Description Everything else gets shared out
(I suspect there should also be two other rules allowing all
traffic for each wan pipe
an example with my addresses would be helpful and greatly appreciated)
I am aware that I will need to add other rules for things such as https sites etc
by specifying a certain pipe for such traffic
but I can resolve them later on
but as a side note wan does not show as an option currently
for such rules only opt1 (wan2) can be specified is this because the wan
is a pppoe connection

8) NAT I have disabled the creation of automatic nat rules in settings
and also set it to advanced in the NAT section outbound rules
and have created two rules one for each WAN and opt1 (WAN2) to allow all

9) create any static routes
Haven't a clue so an example with my settings would be welcomed

10) I would think by this step it should be functioning :)
Thanks much for any assistance
Best Regards
MD
-
You don't need to set up static routes for the DNS servers because you are using DNS servers as monitor ips - if you have them as monitor ips, the static routes get setup automagically.
Sticky connections had problems (with PPPoE, I think) and so are currently not available.
You are using http://doc.pfsense.org/index.php/MultiWanVersion1.2 right?
Advanced Outbound NAT. You don't need it, don't mess with it. Just let pfsense do NAT automatically.
Probably a good idea to reinstall and try again.
-
Hi Sai
Just reinstalled pf and stickies is back now
so are you saying that as soon as I set wan as a pppoe connection
I will lose that option again
and yes I have been using MultiWanVersion1.2 docs

Also was I correct about the DMZ's 1 & 2 in the instructions
being an item that should be set on the dsl modems

and Would I be better off getting two new DSL modems
that at least allowed me to change their basic LAN settings

if so any recommendations on decent cheap dsl modems that will work with bell
and permit me to make some basic changes to it and
would It also probably be a good idea to have modems that can run in bridged mode
so that the WAN and OPT1(WAN2) on the pf box actually get passed my real world static IPs
(both DSL lines can give me a static IP)
would that be a correct assumption or am I wrong about that

Thanks Again
MD
-
If your dsl modems run in bridge mode then you do get the real ip address on your pfs opt interface. Just make sure that they do not have overlapping subnets.
DMZs - looks like this is where you are confused. DMZ is like a LAN subnet except it houses servers that are accessed from the Internet. So it is nothing to do with the modems. Ignore DMZ until you have the load balancing setup and running.
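
The two constraints raised in this thread (interfaces must not have overlapping subnets, and each WAN needs its own gateway IP) can be checked on paper before touching the GUI. The following Python script is an added example, not part of the original posts or of pfSense; the interface plan, the 203.0.113.x addresses and the OPT2 third line are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed plan: OPT1 mirrors the thread's modem fixed at 192.168.2.1;
# OPT2 is a hypothetical third line behind a modem stuck on the same address.
PLAN = {
    "LAN":  {"addr": "192.168.1.1/24", "gateway": None},
    "WAN":  {"addr": "203.0.113.10/29", "gateway": "203.0.113.9"},
    "OPT1": {"addr": "192.168.2.2/24", "gateway": "192.168.2.1"},
    "OPT2": {"addr": "192.168.2.3/24", "gateway": "192.168.2.1"},
}

def check_plan(plan):
    """Return a list of human-readable problems found in the plan."""
    problems = []
    ifaces = {n: ipaddress.ip_interface(c["addr"]) for n, c in plan.items()}
    # 1. No two interfaces may sit on overlapping subnets.
    for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"overlap: {a} {ia.network} / {b} {ib.network}")
    # 2. Each gateway must be on-link and used by only one interface.
    seen = {}
    for name in sorted(plan):
        gw = plan[name]["gateway"]
        if gw is None:
            continue
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in ifaces[name].network:
            problems.append(f"off-link gateway: {name} {gw}")
        if gw_ip in seen:
            problems.append(
                f"duplicate gateway: {seen[gw_ip]} and {name} use {gw}")
        seen.setdefault(gw_ip, name)
    return problems

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```
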
-
Thanks again Sai
My current DSL modems will run in bridge mode but
only if something else handles the pppoe login info
If the modem handles the pppoe connection then it stays unchangeable at 192.168.2.1

Now because I can only have the option of one pppoe connection in pf
I am sorta stuck in this situation

So I have just ordered two new DSL modems that are also routers
but can run as bridges while managing the pppoe connection too

This should resolve the configuration limitations with my current dsl modems
In case anyone is wondering my searching indicates that the THOMSON SPEEDTOUCH 516 ADSL2+ EXT ETHERNET MODEM/ROUTER
is one of the best out there for the price plus there also is modified firmware available for it
many claim modest to 30% in increased throughput speeds over the standard bell modems
cost was 60$ each Canadian

I will post updated info when I have a chance to configure it all
Thanks again
MD