Dual LAN - Load Balancer With Fail Over

  • Hello all!
    First off a big THKS! to the PFSENSE TEAM, great job !

    I currently have a setup as Follows:

    Pfsense 1.0 RC2 Updated Today

    4 NICS

    WAN xxx.xxx.xxx.xxx/29
    DMZ Bridge'd with WAN - to same a public ip  ;)
    WAN2 xxx.xxx.xxx.xxx/30

    The ISP is the same  :-[ it means both routers have the same public ip gateway


    Draytek ADSL Router ------------------------WAN-----------
                                                                          |                      |-----------Mail Server (same public subnet as WAN)
                                                                          | ------ DMZ -------|-----------DNS Server (Same public subet as WAN)
    Draytek ADSL Router2-----------------------WAN2---------                      |-----------HTTP Server (Same public subnet as WAN)
                                                                                LAN subnet
                                                                                      |                                |
                                                                                      |                                |
            Squid Proxy Server ( Gw Pfsense Lan                        MS VPN SERVER


    I've followed the pfSense PDF (Load Balance With Fail Over), but I didin't managed the whole thing....;)

    Main Settings

    WAN - Public IP address /29 GW= ip of Draytek1

    WAN2 Public IP address /30 GW= ip of Draytek2

    DMZ - no ip or GW

    LAN -

    I Create a load balance pool as folows:

    Name: Balancer
    Description: Lan -> Internet
    Type: Gateway
    Monitor IP: Gateway assigned by the ISP that Draytek2has
    IP            Ip address of Draytek2

    and other the same except the ip it was Draytek

    Next Step was to create advanced NAT outbound
    Created one to interface WAN and other to WAN2 with each public address space in the destination

    Then in the Firewall Rules added for LAN WAN and WAN2

    Its seems its not doing load balance at all

    Any Sugestion...?

    Carlos Pinto

  • First disable advanced outbound NAT, we are creating the needed outbound NAT rules for all interfaces with a gateway automatically (just to keep it a bit simpler for now). Then make sure to have a unique monitor IP for each gateway. We add some static routes behind the scenes to make sure the monitoring ping goes out the correct WAN. After you have changed these settings, what status does status>loadbalancer report for the 2 WANs?

  • Ok now its working for outbound, i think i have something misconfigured.

    Both monitor ip and gateway are the same, meaning the monitor ip is the same as the gateway.
    When I disconect WAN1 it works ok for web browsing, but i can not access my DMZ, should I add a virtual IP to the WAN1 ?


    Carlos Pinto

  • Add a pass rule on top of your loadbalance rule with default gateway for the dmz subnet. It has to be excluded from loadbalancing.

Log in to reply