New version removed Gateway Switching
-
I have been looking at this some today. I am removing all policy routing to the failover group from my edge (Cable (Tier 1) then ADSL (Tier 2)) and am relying on the new default gateway group instead.
No more bypassing for local stuff. So far so good.
This is really good news since most people don't have a problem with multi-wan, but the introduction of policy routing is a challenge for a lot of people.
Now in simple failover cases all you have to do is make the group, set the default gateway to track it, and you're done. No special rules necessary.
-
@grimson: I'm not afraid to look stupid since only stupid people see things that way and use the forum to express their anger and frustration. Get a shrink.
-
Thanks for your answer, @derelict.
Does it mean that we could expect Squid (and other packages that use default gateway) to work well with loadbalance if we set the default gateway group with members on the same tier?
Best regards.
-
No. This has nothing to do with load balancing. That still has to be policy routed. But it should help squid in the same way default gateway switching would in a failover situation.
The real answer for squid and load balancing is to put a squid instance behind the firewall so the outbound connections it makes hit the policy routing rules on the LAN and the load balancing gateway group rule gets applied to the traffic.
I know people like everything to be "on one pfSense" but in that case you need to separate them for the desired outcome.
Loadbalance gateway groups (any group with more than one gateway in a single tier) probably should not even appear in the default gateway pulldown. But they do. I am not sure of the behavior there. The default gateway is probably set to the first one found after a sort by tiers.
-
@Derelict said in New version removed Gateway Switching:
> I have been looking at this some today. I am removing all policy routing to the failover group from my edge (Cable (Tier 1) then ADSL (Tier 2)) and am relying on the new default gateway group instead.
> No more bypassing for local stuff. So far so good.
> This is really good news since most people don't have a problem with multi-wan, but the introduction of policy routing is a challenge for a lot of people.
> Now in simple failover cases all you have to do is make the group, set the default gateway to track it, and you're done. No special rules necessary.
I apologize if I ask a stupid question, but what exactly is the change? Is it that now you no longer have to add the failover group to an individual firewall rule?
-
No. It has nothing to do with policy routing. You still have to do that.
It gives you more control over how the default gateway selection is made.
-
@Derelict said in New version removed Gateway Switching:
> No. It has nothing to do with policy routing. You still have to do that.
> It gives you more control over how the default gateway selection is made.
I've been searching in the wiki but I am afraid I couldn't find it. What exactly is the change?
-
https://redmine.pfsense.org/issues/8187
https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-new-features-and-changes.html
-
What? This is not a guide. Question asked and answered.