ISP failover for inbound nat
-
hi guys,
I have three(3) wan lines. ISP1 is my primary inbound nat for my public servers. Is there a way that I can failover to my ISP2 and ISP3 if ISP1 is down for inbound nat portforwarding.
thank you very much.
-
You would have to have outside users connect to a dynamic DNS name and bind that dynamic DNS name to a gateway group so it is updated with the address of the other circuit when there is a failover event.
-
Hi Derelict,
Thank you for your reply. If I have my own DNS servers on my domain. How should I configure it?
-
Kind of depends on how you want your DNS to flow, bro.
-
I do currently have three(3) ISPs. ISP1 is currently live, my sample ip is 1.1.1.1/24. How can I configure inbound failover on pfsense to use ISP2 (2.2.2.2/24) and ISP3 (3.3.3.3/24) for my public servers? Or this thing is not possible with pfsense?
thank you.
-
This is not a "pfSense problem" it is a problem with how the internet works. You need a mechanism to tell your outside clients to connect to a different address based on the status of your local WAN circuits.
To do this using pfSense you would:
- Tell your outside clients to connect to a dynamic DNS host name
- Create a gateway group for WAN1, WAN2, WAN3
- Create a dynamic DNS entry for the host name and bind it to the aforementioned gateway group.
- Have a cocktail. You earned it.
-
How you do this in the real world where you OWN the IPs is advertise your netblocks out of your different isp with different metrics when your primary goes down that route would go away and they would come in via one of your other routes.
If you do now own the IPs then sure you could change the fqdn to point to a different IP. Many dns services will set this up for you were if IP x doesn't answer so assume down, then they change the fqdn to point to your failover IP with a very short ttl on the fqdn
example
https://dnsmadeeasy.com/services/dnsfailover/
