[Bug??] Load Balancer

Liath.WW

I'm not exactly sure what is going on, but I'm having a really odd issue when I turn on load balancing.  Just so I'm sure its not my set-up, I'm going to explain it.

This is the firmware I'm running right now: pfSense-Full-Update-1.2.3-20090526-0201.tgz

Me and my neighbor have cable connections (dynamic IP)  We both have pf-sense, he has an extra wireless router, and I have an Atheros (Belkin) card.  We got it working fine, and it worked great on my computer, but when we tested it with laptops, when the load balancing rule is enabled, DNS resolution no longer works.  (My home computers are all statically mapped)

I'm not sure if it is load balancing the DNS requests as well, or if it disables the pfSense box's local DNS server?  I'm not sure if it is supposed to do this or not.

The loadbalancing rule I have right now is from the guide, and looks like this:

*  	 LAN net  	 *  	 *  	 *  	 LoadBalance  	    	 Loadbalance  

If the rule is disabled, DNS resolution works fine.  If it is enabled, 90% of the time we can't get our laptops (or any lan computer with 192.168.1.1 as DNS server) to resolve any ips.

Did I mess up a rule, or something?  Or is this a bug?  Perhaps I could work around it by forcing all DNS requests down my local connection?

GruensFroeschli

You need a rule above the loadbalancing rule which handles access to the local networks respectively the pfSense itself.
Create an alias with everything that should not be balanced.
The rule above the balancing-rule with as destination the created alias, should have as gateway default (*).

Liath.WW

Fortunately I figured it out on my own, by applying one of my two remaining brain cells to the task for a little while.  Don't get why it does that though, since the DNS servers could be reached by either of the modems… the modems are both through the same ISP.

Big thanks for the reply though!  Sometimes I feel so... ignored :P

GruensFroeschli

As long as you dont assign a different DNS server on the DHCP config page, pfSense will be sent as DNS server to the clients.
However traffic going to the pfSense itself should not be balanced.
Otherwise traffic going to the pfSense might go out one of the WANs.

The pfSense itself cannot make us of the loadbalancing.
(Since the pool is part of a rule and there are no rules for traffic leaving the pfSense).

Did you also create a static route for at least one of the DNS servers you configured under "general setup" ?
Otherwise you wont be able to resolve names after the primary wan goes down.
Traffic from the pfSense wont switch to the second WAN automatically.

Liath.WW

Unfortunately I can't really set up a static DNS server since both modems are residential cable, and I've actually seen a case or two where the ISP changed the DNS.

GruensFroeschli

Use 208.67.222.222 and 208.67.220.220 (openDNS)