Fail over only



  • Hello,
    I've got two connections and all I want is a failover setup (no load balancing). The multiwan docs are not clear for simple failover.

    LAN : 192.168.168.254
    WAN : 196.192.xx.xx / Gateway 196.192.yy.yy
    OPT1 : 10.10.0.1 (plugged to a router) / Gateway 10.10.0.254
    pfSense version : 1.2.2

    I created only one pool, is it right to do so?

    Pool configuration :
    The monitored IPs are DNS servers

    Status :

    Routing Table :

    Firewall Rules :
    I allow everything to go through as it's a test setup.

    For now it's working, ping to random webservers give positive results.

    I unplug the WAN in order to test the failover.
    It's not working anymore, ping to random webservers give negative results.
    Routing tables remain the same.

    Status when WAN is unplugged:

    I also tried with two pools configured, but I have the same problem.
    I can't find where I made a mistake or whether I am missing something big…



  • You need to change the gateway on your LAN rule to the pool. http://pfsense.site88.net/multiwan.html



  • I did that too, but still the failover is not working.

    When WAN1 fails, the default route should change, right?



  • @gufyx:

    I did that too, but still the failover is not working.

    When WAN1 fails, the default route should change, right?

    No, and the pfSense box itself won't use policy routing, so it'll still be trying to route out the WAN interface. Clients behind it should be able to route though. The load balancer doesn't change the system routing table, it adjusts the policy routing rules instead, which don't apply to traffic originating at the pfSense box.

    One important side-effect of this is that if you're using the DNS forwarder, you need to make sure one DNS server has a static route to ISP 1 and the other DNS server has a static route to ISP 2. The easiest way to accomplish this is to use one of the name servers from each ISP as the default nameservers in pfSense and then use these as the load balancer monitor IPs. I've found this to be the most reliable setup (though I usually use OpenDNS relays as the monitors & DNS).



  • @ktims:

    No, and the pfSense box itself won't use policy routing, so it'll still be trying to route out the WAN interface. Clients behind it should be able to route though. The load balancer doesn't change the system routing table, it adjusts the policy routing rules instead, which don't apply to traffic originating at the pfSense box.

    This was my big mistake… I did the testing on the pfSense box itself...

