4. Failover only, how?

Failover only, how?

  • S

    I've got two connections, both with a block of static IPs.  I pay for one of them, the 30/5 business cable service.  The other is from work and it's a 6.0/768 ADSL line.

    All I really want is a failover setup.

    The multiwan docs are not at all clear for simple failover.  My primary line is so much faster than the DSL that I don't think "balancing" is appropriate.

    Where I get lost is in creating the pools - I think I just need two - the third appears to be where the load balancing (that I don't want) takes place.

    This is what I have:

    Name Type          Servers/Gateways Port       Monitor                      Description

    CVfailstoBWAY gateway (failover) opt1 wan 216.220.96.17+67.83.242.65 Bway preferred when CV fails

    BWAYfailstoCV gateway (failover) wan opt1 67.83.242.65+216.220.96.17 CV preferred when Bway fails

    As far as I understand it, this is correct.  I would imagine I could even make do with a single pool, right?

    Where I get totally lost is the step with the firewall rules.  In the example, default points to the LoadBalance pool.  In a failover, I would assume I'd point to CVfailstoBWAY.

    Additionally, is there anything to be touched in the NAT section?

    I also have inbound rules, but I'm not very concerned with duplicating those on the ADSL circuit.  Is there anything to alter for inbound rules and nat?

    edit:

    Also, just did this fresh yet again.  When I set the gateway in my LAN rules to either failover pool, I get no traffic out whatsoever, no logs of blocked packets, and plenty of state entries.  I've reset the state table, reloaded the rules, but nothing goes out.  The Load Balancer status page shows everything as "up".  I cannot even ping either of the ADSL LAN side IPs, not even the one assigned to pfsense.  I am clearly missing something big…

    0
  • P

    The multiwan docs are not at all clear for simple failover

    I'm working on it.

    As far as I understand it, this is correct.  I would imagine I could even make do with a single pool, right?

    Correct

    Additionally, is there anything to be touched in the NAT section?

    Nope

    I also have inbound rules, but I'm not very concerned with duplicating those on the ADSL circuit.  Is there anything to alter for inbound rules and nat?

    Nope

    CVfailstoBWAY    gateway  (failover)    opt1 wan 216.220.96.17+67.83.242.65 Bway preferred when CV fails

    I prefer wan opt1 (different from the docs) are those IP address your dns servers? if not you'll need static routes for each DNS server.

    ![pfSense.local - Firewall: Rules_1232234704028.png](/public/imported_attachments/1/pfSense.local - Firewall: Rules_1232234704028.png)
    ![pfSense.local - Firewall: Rules_1232234704028.png_thumb](/public/imported_attachments/1/pfSense.local - Firewall: Rules_1232234704028.png_thumb)
    ![pfSense.local - Load Balancer: Pool_1232234748033.png](/public/imported_attachments/1/pfSense.local - Load Balancer: Pool_1232234748033.png)
    ![pfSense.local - Load Balancer: Pool_1232234748033.png_thumb](/public/imported_attachments/1/pfSense.local - Load Balancer: Pool_1232234748033.png_thumb)

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy