How to setup loadbalancing with 2 dhcp account from 1 isp
-
hi to all:
i've managed to create myself a pfsense box from a p4 socket 478 computer, 512mb ram, and 2 intel pro nics, but just puzzled about how to setup loadbalancing with 2 isp (wireless) with dhcp. here's my setup:
isp1 (dynamically assigned ip via dhcp, gateway 111.222.333.444)--
|
---pfsense----switch----lan
|
isp2 (dynamically assigned ip via dhcp, gateway 111.222.333.444)--

my initial configuration in the loadbalancing pool (this is working)

Loadbalance
gateway
loadbalance
wan1:111.222.333.444(wan1's gateway)
opt1:111.222.333.444(opt1's gateway)

wan balances opt
gateway
failover
wan1:111.222.333.444(wan1's gateway)
opt1:111.222.333.444(opt1's gateway)

opt balances wan
gateway
failover
opt1:111.222.333.444(opt1's gateway)
wan1:111.222.333.444(wan1's gateway)

also setup the firewall rules
- lan subnet * * * loadbalance
- lan subnet * * * *
this setup is working for me as reading the multiwansetup(1.1) not the 1.2 or 1.3 in the documentation
my question is
1. is my setup correct, will using the same gateway in the loadbalancing pools correct?
2. can i achieve correct failover while using same gateway for loadbalancing and failover pools? if not, how can i correct my setup for failover?
3. obviously, been reading the multiwan-setup 1.3 in the pfsense docs, by using third party dns (opendns) in 1 isp and using internal dns of 1 isp as the other, and also setting up static routes if using opendns but really having a hard time digesting the idea, also, i would rather not use opendns as the monitor ip as pinging the gateway of the isp (111.222.333.444) is a lot faster
4. also one problem arises if both isp goes down (frequently), i have to reboot the pfsense box because after internet goes up, loadbalancing does not work correctly, even i filter reload...only after rebooting the pfsense box, does the loadbalancing use the 2 isps...

also does pfsense "automatically detects" each interface if isp assigned an ip? like when i plug the cable to my old asus router, it "senses" if there is internet, unlike pfsense, you have to manually press the renew ip? can i mess with it and script it to automatically renew like for 5 seconds?

really like pfsense for the multi wan, loadbalancing, it is the only product i know which is FREE, that uses multi-wan, loadbalancing...hope i can correct all these problems...any suggestions, help will be highly appreciated...
-
> my question is
> 1. is my setup correct, will using the same gateway in the loadbalancing pools correct?

No.
You cannot have the same gateway multiple times.

> 2. can i achieve correct failover while using same gateway for loadbalancing and failover pools? if not, how can i correct my setup for failover?

You could put a NATing device in front of one of the WANs.
For the pfSense it appears as if one of the WANs is a different subnet (different gateway).

> 3. obviously, been reading the multiwan-setup 1.3 in the pfsense docs, by using third party dns (opendns) in 1 isp and using internal dns of 1 isp as the other, and also setting up static routes if using opendns but really having a hard time digesting the idea, also, i would rather not use opendns as the monitor ip as pinging the gateway of the isp (111.222.333.444) is a lot faster

The current multiwan guide is for 1.2.x. (1.3 doesn't exist).
You can have more than 2 DNS entries.
I would configure it so that you have at least one DNS bound to one WAN.
Don't use OpenDNS as monitor ip.
Do a traceroute from each WAN and take the next hop from your ISP.
Make sure you have different monitor IPs for each WAN.

> 4. also one problem arises if both isp goes down (frequently), i have to reboot the pfsense box because after internet goes up, loadbalancing does not work correctly, even i filter reload...only after rebooting the pfsense box, does the loadbalancing use the 2 isps...
> also does pfsense "automatically detects" each interface if isp assigned an ip? like when i plug the cable to my old asus router, it "senses" if there is internet, unlike pfsense, you have to manually press the renew ip? can i mess with it and script it to automatically renew like for 5 seconds?
> really like pfsense for the multi wan, loadbalancing, it is the only product i know which is FREE, that uses multi-wan, loadbalancing...hope i can correct all these problems...any suggestions, help will be highly appreciated...

I think this is related to the fact that you connect to the same subnet.
Try again after moving one of the WANs to a different subnet.
-
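The monitor-IP advice in the reply above (traceroute from each WAN, take the next ISP hop, keep the monitor IPs different per WAN), worked through as an added shell example that is not part of the original posts. The traceroute capture and all addresses are constructed documentation-range values, and `hop_ips` and `pick_monitor` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: choose a distinct monitor IP per WAN from traceroute output.
# All addresses are constructed (documentation ranges); helper names are hypothetical.

GATEWAY=192.0.2.1   # shared ISP gateway, standing in for 111.222.333.444

# Constructed `traceroute -n` capture; both WANs follow the same ISP path.
TRACE_WAN1='traceroute to 198.51.100.53 (198.51.100.53), 64 hops max, 40 byte packets
 1  192.0.2.1  1.214 ms  1.102 ms  1.087 ms
 2  203.0.113.9  8.412 ms  8.120 ms  8.333 ms
 3  * * *
 4  203.0.113.17  12.051 ms  11.874 ms  12.240 ms'
TRACE_WAN2=$TRACE_WAN1

# Print the responding hop addresses in order; header and "* * *" rows are skipped.
hop_ips() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }'
}

# pick_monitor TRACE GATEWAY [TAKEN]
# First hop that is neither the gateway nor the IP already used by the other WAN.
pick_monitor() {
    mon=$(printf '%s\n' "$1" | hop_ips |
          awk -v gw="$2" -v taken="$3" '$0 != gw && $0 != taken { print; exit }')
    [ -n "$mon" ] || return 1   # no usable hop: do not fall back to a shared IP
    printf '%s\n' "$mon"
}

MON_WAN1=$(pick_monitor "$TRACE_WAN1" "$GATEWAY") || echo "WAN1: no hop beyond the gateway" >&2
MON_WAN2=$(pick_monitor "$TRACE_WAN2" "$GATEWAY" "$MON_WAN1") || echo "OPT1: no distinct hop" >&2
echo "WAN1 monitor IP: $MON_WAN1"
echo "OPT1 monitor IP: $MON_WAN2"
```

Because both links share one upstream path here, the second WAN ends up monitoring a hop further out; that hop answers more slowly but keeps the two health checks independent.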
GruensFroeschli:
thanks for the great explanation, sorry for the multiwanversion, that's really 1.2, sorry, anyways:
loadbalancing is working perfect in my current setup, but really can't get failover to work
(because of what you just explained)

so, will adding a router to isp2 will solve my problem? like this?

isp1 (gateway 111.222.333.444)--router---
|
---pfsense----switch----lan
|
isp2 (gateway 111.222.333.444)-----------------

is this what you are suggesting?
if this is what you're suggesting, since loadbalancing is working right now without failover,
i might skip this configuration because of an additional router, since failover is not really important
(because if 1 isp goes down, the other goes down also, defeating the purpose because they're the same isp)
just asking if i can find a way to make failover to work without an additional router, since it's not
possible, that'll be just the end of it...thanks for the help...pfsense is really just great
and btw, i know i'm really breaking rules here, since i want to ask another question that's off topic
can i create firewall rules that block a specific program (i.e. like windows firewall), WITHOUT squid or squidguard? just firewall rules? and do you have a good "creating firewall rules tutorial" that i can reference?
just want to harden my pfsense and gain better understanding of how to create firewall rules