Dual LAN - Load Balancer With Fail Over

Pinto

Hello all!
First off a big THKS! to the PFSENSE TEAM, great job !

I currently have a setup as Follows:

Pfsense 1.0 RC2 Updated Today

4 NICS

LAN 192.168.10.0/23
WAN xxx.xxx.xxx.xxx/29
DMZ Bridge'd with WAN - to same a public ip  ;)
WAN2 xxx.xxx.xxx.xxx/30

The ISP is the same  :-[ it means both routers have the same public ip gateway

PFSENSE
                                            –-------------------------------------------------------------------

Draytek ADSL Router ------------------------WAN-----------
                                                                      |                      |-----------Mail Server (same public subnet as WAN)
                                                                      | ------ DMZ -------|-----------DNS Server (Same public subet as WAN)
Draytek ADSL Router2-----------------------WAN2---------                      |-----------HTTP Server (Same public subnet as WAN)
                                                                                  |
                                                                                  |
                                                                            LAN subnet 192.168.10.0/23
                                                                                  |                                |
                                                                                  |                                |
        Squid Proxy Server (192.168.10.254/23) Gw Pfsense Lan                        MS VPN SERVER

---------------------------------------------------------------------

I've followed the pfSense PDF (Load Balance With Fail Over), but I didin't managed the whole thing....;)

Main Settings

WAN - Public IP address /29 GW= ip of Draytek1

WAN2 Public IP address /30 GW= ip of Draytek2

DMZ - no ip or GW

LAN - 192.168.10.0/23

I Create a load balance pool as folows:

Name: Balancer
Description: Lan -> Internet
Type: Gateway
Monitor IP: Gateway assigned by the ISP that Draytek2has
IP            Ip address of Draytek2

and other the same except the ip it was Draytek

Next Step was to create advanced NAT outbound
Created one to interface WAN and other to WAN2 with each public address space in the destination

Then in the Firewall Rules added for LAN WAN and WAN2

Its seems its not doing load balance at all

Any Sugestion...?
TIA

Carlos Pinto

hoba

First disable advanced outbound NAT, we are creating the needed outbound NAT rules for all interfaces with a gateway automatically (just to keep it a bit simpler for now). Then make sure to have a unique monitor IP for each gateway. We add some static routes behind the scenes to make sure the monitoring ping goes out the correct WAN. After you have changed these settings, what status does status>loadbalancer report for the 2 WANs?

Pinto

Ok now its working for outbound, i think i have something misconfigured.

Both monitor ip and gateway are the same, meaning the monitor ip is the same as the gateway.
When I disconect WAN1 it works ok for web browsing, but i can not access my DMZ, should I add a virtual IP to the WAN1 ?

Thks

Carlos Pinto

hoba

Add a pass rule on top of your loadbalance rule with default gateway for the dmz subnet. It has to be excluded from loadbalancing.