Question on WAN Failover
-
I have 2 WAN's one is a Microwave connection and the other is my FTTC-VDSL connection.
Everything I have read tutorial wise talks about load balancing and failover. I have no desire for load balancing, I just want everything to go out the FTTC-VDSL WAN and only fail over if it goes down. Can i just skip the setup part of the load balancing and just set up the 2 gateway groups for failover only ?
The WAN IP on the Microwave connection is a 192.168.1 and the IP coming off the FTTC modem is also a 192.168.1 connection. Do i need to chane the subnet on the FTTC router/modem to be something like 192.168.2
-
Depends on the gateways and netmasks.
-
can I skip setting up the load balacning ? I don't care to use it. I just want to use the fail over ability.
if it makes it easier, I can change the 192.168.1 network on one of the devices to be 192.168.2
-
You can do whatever you want. Set your primary to Tier 1 and your secondary to tier 2 and you'll have failover.
-
Ok, thank you just wanted to make sure that would work.
I wasn't sure if the load balancing had to be part of it for the fail over to work. I didn't think it needed to be, but thought I would ask since every tutorial I have seen shows the loadbalacning part in with the failover part
-
And even without a failover event you are always free to policy route out the secondary link should you have the need. You can still set the destination on a route or rule to the gateway itself instead of the failover group. You can also set up a failover group with tier 1 and tier 2 reversed and policy route out that group too. You would then simultaneously have both circuits in use, with both failing over to the other if one goes down.
-
ahhh that is good to know. I thought about routing all the kids devices out the microwave connection.
so basically If I am understanding you correct, I could set up the Failover rule. But also set up all the kids devices to route out the slower connection.
Is it easier to set up a 2nd DHCP scope to accomplish this. I currently have DHCP static reservations on everything in the house
-
If you have one subnet/LAN then static reservations is the way to go. I'd pick a spot on a subnet boundary, say 192.168.1.192/26. Set your kids devices to DHCP assignments from 192.168.193 - .254
Then, on LAN, down at the bottom pass any any rule that policy routes to the gateway group, right above it place a rule that routes with a source of 192.168.1.192/26 dest any to the microwave gateway (or the gateway group with the microwave as tier 1).
If they're smart they can circumvent it with a static IP but…
-
How do I set which WAN I want to be the primary to start with and when the primary WAN comes back online how do I fail back over to the primary ?
-
In your gateway group Tier 1 is primary and Tier 2 is secondary. Fail back is automatic.
-
Yeah I have been trying to rack my head on how to read that. In my screen shot, did I make OPT1 (FTTC)primary ?
I want the OPT1 (FTTC) to be the primary WAN interface
-
Yeah I have been trying to rack my head on how to read that. In my screen shot, did I make OPT1 (FTTC)primary ?
I want the OPT1 (FTTC) to be the primary WAN interface
For that route to OPT1failoverWAN1
-
You Lost me there, Where do i do that at ?
This is what i have so far. At this point I want to make sure I am set up to Failover from OPT1 (FTTC) to WAN1.
And if I understand what you said earlier it should auto fail back
Attached is what I have done so far.
-
Right there in the firewall rules. Get rid of the second one. It will never be matched (it matches the same traffic as the rule above it so it will never be hit by matching traffic..)
-
get ride of the WAN > OPT1 Rule ?
-
Yes. it is unnecessary and will never match any traffic.
-
ninjaneer, This worked for you? I'm Kind of stuck here (trying to do my first failover on pfsense), so I am guiding myself with your post (I'm not so good with Firewall/NAT rules when it comes to forward traffic). Please, if something worked for you, let us know.
-
I'm not so good with Firewall/NAT rules when it comes to forward traffic
You should probably figure that out before tackling more advanced topics like multi-wan and the policy routing it entails.
-
Can you suggest me some topic(s)? I think I expressed myself in the wrong way, I meant, "I'm not so good with Firewall/NAT rules when it comes to forward traffic on pfSense, because I got lost very easily with the interface" (Too many options at once) I'm still searching on the forum and the documentation, but it gets confusing because, or only a few people are having the problems that I have, or maybe I'm looking on the wrong direction (I'm thinking this is the main reason…)
Thanks in advance!
-
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
