Pool, ponds and other Sticky stuff

MadDawg

Hello all
First off thanks to all who have created or contributed to pfsense being what it is
and also much thanks to those who provide support on this forum it has been a wealth of info for me
I have been lurking for quite sometime here
but until now I have always found the info I needed searching the forums
and didn't need to post for assistance

But I am having some difficulties getting the multi wan load balancing to work correctly (understatement of the year lol!)

Anyways I have followed the MultiWAN 1.2 guide and had no success with it at all
but after some self experimenting with my own rules I am pretty sure I have it now using both wans
as the graphs from the dashboard does show almost equal traffic on both pipes anyways
but I am getting alot of time outs and page not founds which would on
the surface appears to be dns problems but I suspect it is more likely do to the sticky connections setting
as some other posts refer to it as being an issue

But in my case sticky connections is no longer even a listed option  ::)
In the system advanced tab under load balancing there is a save button but nothing else
the tic box and description for stickies is gone but it was there before
any ideas on that one I am using version 1.2-RC4

Also my rules look nothing like some of the examples I have seen …go figure lol!

My load balance pool for example is simply wan and opt1 (wan2)
with no failover pools oddly though if I unplug one connection
it does seem to failover to the other connection regardless

I would say my setup is pretty basic really I have 2 x 6 meg DSL connections both with static IPs
unfortunately though I have had to use the second dsl modems internal pppoe connection interface
to make wan 2's pppoe connection work which gives wan 2 a 192.168.2.1 address on pfsense

Which is currently not a big deal but since
There is a one pppoe connection limit on the wans in pfsense
is there anyway to have more than one pppoe connection ?
I would eventually like to add a third WAN line but with both the dsl modems I have
it seems I cannot change the modems internal Ip address of 192.168.2.1
which then means that any others I might add would also have the same WAN gateway Ip
(which i have read wouldnt work at all)

Anyways I would greatly appreciate any assistance anyone would be willing to provide as to
how to actually configure this and have it perform well
there is no doubt in my mind that pfsense functions just fine and my settings are likely all wrong :(

Could someone provide a configuration example for me to muddle my way through

Thanks & Best Regards

MD

sai

did you set up static routes for the ISP DNS servers? why dont you post your settings so that we can see what has been done?

MadDawg

Hello sai

thanks for the reply
Nope I didn't see anything in the MultiWanVersion1.2 guide
that refers to having to create any static routes :(
I also don't have the DMZ 1 & 2 that they show as
it was unclear to me where to put that info so I ignored it
(I thought it was actually meant to be put into the dsl modems settings somewhere
which isn't even an option in my case)

because the sticky connections is completely missing from my menu
I am thinking that the pf box has gotten borked and probably related to
squid …I had tested running squid before and found it actually seemed to slow things
down so I uninstalled it
but I have read numerous posts on issues with squid

I am expecting to do a complete reinstall of pf on this box
but would really appreciate some form of definitive guide on the steps necessary
to set it up properly for a relative newbie to this
it is rather unclear imho

I will try and create an outline of the steps I am following
if someone can make corrections
to my posts hopefully I will get it right for any others who need the help
after is functional I would be happy to post some screen shots for others
as I think screenies may help us newbs more than anything

1. In my case my dls modems offer no method to change any settings so
   wan is set to pppoe and opt1(wan2) is set to DHCP and wan2s connection
   shows up as gateway 192.168.2.1 and gives pf a 192.168.2.x address

2. pfSense general settings

Primary DNS server 207.164.234.193
Secondary DNS server 207.164.234.129
(both my dsl lines us the same DNS servers but have different gateway ips)
Allow DNS server list to be overridden by DHCP/PPP on WAN is Unchecked

3. Under  Services' - 'DNS Forwarder', on
   Register DHCP leases in DNS forwarder on
   Register DHCP static mappings in DNS forwarder on

4. Interfaces - OPT1
   enable Optional 1 interface checked
   Type DHCP
   Bridge with None
   IP address None (would it be best to assign it a static of say 192.168.2.2)
   Gateway 192.168.2.1

5. Setting Pools 
   Pool1
   name LoadBalance
   description LoadBalance
   Type Gateway
   Behavior Load Balancing
   Port Unused
   1st Monitor IP DNS server 207.164.234.193
   1st Interface name WAN
   2nd Monitor IP DNS server 207.164.234.129
   2nd Interface name WAN 2

pool2
name WAN1FailsToWAN2
description WAN1FailsToWAN2
Type Gateway
Behavior Failover
Port Unused
1st Monitor IP DNS server 207.164.234.129
1st Interface name WAN2
2nd Monitor IP DNS server 207.164.234.193
2nd Interface name WAN

pool3
name WAN2FailsToWAN1
description WAN2FailsToWAN1
Type Gateway
Behavior Failover
Port Unused
1st Monitor IP DNS server 207.164.234.193
1st Interface name WAN
2nd Monitor IP DNS server 207.164.234.129
2nd Interface name WAN2

6. Sticky Connections unshure to enable or not lol!

7. Firewall Rules
   Rule Load Balance
   Position in rule list Last
   Action Pass
   Disabled Unchecked
   Interface LAN
   Protocol any
   Source LAN subnet
   Source OS any
   Destination any
   Log no
   Schedule none
   Gateway LoadBalance
   Description Everything else gets shared out

(I suspect there should also be two other rules allowing all
traffic for each wan pipe
an eaxmple with my addresses would be helpful and greatly appreciated)
I am aware that I will need to add other rules for things such as https sites ect
by specifing a certain pipe for such traffic
but I can resolve them later on
but as a side note wan does not show as an option currently
for such rules only opt1 (wan2) can be specified is this because the wan
is a pppoe connection

8)NAT I have disabled the creation of automatic nat rules in settings
and also set it to advanced in the NAT section outbound rules
and have created two rules one for each WAN and opt1 (WAN2) to allow all

9. create any static routes
   Havent a clue so an example with my settings would be welcomed

10)I would think by this step it should be functioning :)

Thanks much for any assistance

Best Regards

MD

sai

You dont need to set up static routes for the DNS servers because you are using DNS servers as monitor ips - if you have them as monitor ips, the static routes get setup automagically.

Sticky connections had problems (with PPoE, I think) and so are currently not available

You are using http://doc.pfsense.org/index.php/MultiWanVersion1.2 right?

Advanced Outbound NAT. You dont need it, dont mess with it. Just let pfsense do NAT automatically.

Probably a good idea to reinstall and try again.

MadDawg

Hi Sai
Just reinstalled pf and stickies is back now
so are you saying that as soon as I set wan as a pppoe connection
I will loose that option again
and yes I have been using MultiWanVersion1.2 docs

Also was I correct about the DMZ's 1 & 2 in the instructions 
being a item that should be set on the dsl modems

and Would I be better off getting two new DSL modems
that at least allowed me to change their basic LAN settings

if so any recommendations on decent cheap dsl modems that will work with bell
and permit me to make some basic changes to it and
would It also probably be a good idea to have modems that can run in bridged mode
so that the WAN and OPT1(WAN2) on the pf box actually get passed my real world static IPs
(both DSL lines can give me a static IP)
would that be a correct assumption or am I wrong about that

Thanks Again

MD

sai

If your dsl modems run in bridge mode then you do get the real ip address on your pfs opt interface. Just make sure that they do not have overlapping subnets.

DMZs - looks like this is where you are confused. DMZ is like a LAN subnet except it houses servers that are accessed from the Internet. So it is nothing to do with the modems. Ignore DMZ untill you have the load balancing setup and running

MadDawg

Thanks again Sai

My current DSL modems will run in bridge mode but
only if the something else handle the pppoe login info
If the modem handles the pppoe connection then it stays unchangeable at 192.168.2.1

Now because I can only have the option of one pppoe connection in pf
I am sorta stuck in this situation

So I have just ordered two new DLS modems that are also routers
but can run as bridges while managing the pppoe connection too

This should resolve the configuration limitations with my current dsl modems
In case anyone is wondering my searching indicates that the

THOMSON SPEEDTOUCH 516 ADSL2+ EXT ETHERNET MODEM/ROUTER
is one of the best out there for the price plus there also is modified firmware available for it
many claim modest to 30% in increased throughput speeds over the standard bell modems
cost was 60$ each Canadian

I will post updated info when I have a chance to configure it all

Thanks again
MD