Load balancing and multi lan config
Hi, here is a problem i want to submit.
For now my network is like this :
wan1 –--- ----- Lan
wan2 ----- ----- Lan 2 (OPT2)
My load balancing pool is called loadbalance.
I can use load balancing on lan without any problem !
I have create rules in order to make trafic between lan and lan2 possible. This works.
But i can't use load balancing on OPT2 to go out on internet.
I have manually edit advanced nat outbound. Nothing change.
When i create the firewall rule in OPT2 interface, i have to specifie in gateway field "default" in order to go out. But when i do this, OPT2 only use the primary wan. If i specifie "loadbalance" pool as gateway in the rule, like i did in lan interface, pc on OPT2 can't go out on internet...
If someone has an idea... Maybe i'm trying to do something impossible for pfsense 1.2.3. Is load balancing reserved for lan interface ?
If you enabled AoN you also need to create rules that NAT from LAN2 to the WANs.
I have created those rules in AoN page :
WAN 192.168.80.0/24 * * * * * LAN -> WAN
WAN2 192.168.80.0/24 * * * * * LAN -> WAN2
WAN 192.168.90.0/24 * * * * * OPT2 -> WAN
WAN2 192.168.90.0/24 * * * * * OPT2 -> WAN2
Is something wrong with those ?
Perry last edited by
I think it's the common DNS forwarder problem you have.
1. A static route to a dns server going out on wan2
2. A dns rule on lan2. dest : lan2 address gateway : default
shown here http://pfsense.comuf.com/multiwan.html
thanks for advice. But with this method it's not "real" load balancing like i have on lan1. In your example you forward traffic from lan1 to wan1 and traffic from lan2 to wan2. Sure it's kind of load balancing, but not what i was looking for… I would like to have a "real" load balancing on lan1 AND lan2. Is this functionnal in 1.2.2 ? I just tried with 1.2.3 RC1.
What perry wrote is not about traffic from the clients.
This is purely for DNS requests from the pfSense to the DNS server(s) of your ISP.
(To allow pfSense to resolve names even if one WAN is down).
i was talking about the link he provide in example. I already done this for dns. But i still can't have load balancing on lan1 AND lan2. Lan1 can do it, lan2 use only wan… When wan fall, lan2 can go out with wan2. Is there someone who success having load balancing on various lan ?
Yes. I have it running.
Can you provide screenshots of:
firewall-rules LAN1, LAN2
config-page WAN1, WAN2
maybe it's something small which just is missconfigured.
Ok here we go !
For wan and wan2 config, both have static public IP. Both wan use the same provider, so dns are the same for both connections.
the last screenshots :
You say the two WANs are from the same ISP.
Are they per chance in the same subnet? (aka they have the same gateway?).
The screenshots look good.
Actually they look exactly the same as in my setup with different IPs.
They are not in the same subnet, each have different public ip with different gateway. Only dns are equals. Which version do you use ? 1.2.2 or 1.2.3 RC1 ? I'm with 1.2.3 RC1 and maybe it's just a bug on this version…
I'm running 1.2.2.
Thanks for your help ;) ! I will try to reinstall in 1.2.2 version and test this !
Well, i have the same problem with 1.2.2 and config like describe above… Very strange... I really don't understand why it won't work. If you look at lan2rules.jpg i posted above, i can't even ping 192.168.90.1 (which is pfsense interface address on lan2) from my client 192.168.90.10 . In order to do this, and to access internet, i have to change gateway field in the rule from loadbalance to default. But in this case, no load balancing anymore, just primary wan is used to go outside. Really odd...
Edit : Did you modify something special in system:static route ? Maybe i miss a thing here...
Eugene last edited by
i can't even ping 192.168.90.1 (which is pfsense interface address on lan2) from my client 192.168.90.10 . In order to do this, and to access internet, i have to change gateway field in the rule from loadbalance to default. But in this case, no load balancing anymore, just primary wan is used to go outside. Really odd…
It's is not odd it's normal. Just insert one rule before the last one "allow icmp from LAN2net to 192.168.90.1 using 'default' gateway" and you will be able to ping it.