2 WAN - 1 LAN Failover, Some Clarification for a Newbie


  • Greetings, I want to implement a failover solution with 2 static public IPs (two different ISP providers) and 1 LAN.

    WAN1: a.b.c.d (ISP1)
    WAN2: w.x.y.z (ISP2)
    LAN: 192.168.0.0/24

    My actual configuration gives public access to an HTTPS server (port 443) with a DNS name, https://server.domain.com.ar, which points to the a.b.c.d IP (WAN1) configured in the DNS server at ISP1. I don't have an internal DNS server.
    My clients connect from several ISP providers, sometimes different from the ones I have.

    My questions are:

    1. Does a failover configuration resolve the fact that the address https://server.domain.com.ar is the WAN1 address? The DNS name and the IP address of that name are propagated to other DNS servers, and I think a client will try to connect to the WAN1 IP, and if it fails, it won't connect?

    2. Could you provide some general advice on how I could do that? Is the solution based on failover configuration or on NATing?

    Thanks a lot,

    Andres.



  • Yes, I already read it, but it isn't clear to me.

    I don't understand the method that is used by the client to connect in the case of a failure of the public IP address of the server it tries to connect to (WAN1).
    Do I need some type of DNS round robin?

    It is clear to me that the failover configuration serves if you want to access some server in the WAN from the LAN, but not from the WAN to the LAN.

    Thanks again,

    Andres.


  • I don't understand the method that is used by the client to connect in the case of a failure of the public IP address of the server it tries to connect to (WAN1).
    Do I need some type of DNS round robin?

    Then you did not read it 100%.

    In that wiki it already says that pfSense uses the PING method to see whether it is connected or disconnected.
    In this case, you can use the DNS IP for checking (PING) whether it is online or not.

    Maybe you can post a screenshot of your load-balance configuration here.


  • Thanks for replying, xaviero.

    I already read the multiwan document again. I

    Yes, I understand that pfSense uses the DNS server IP of the provider to check that a link is failing and switch to the other.
    But the outside client on the internet, how does it resolve this problem? The initial connection will be tried to the same IP, which is down.

    Must I replace the URL in the client with two different IPs, for example:

    Today:

    https://server.domain.com.ar (pointing to static IP of ISP1)

    Tomorrow:

    https://public_ip1 (WAN1, ISP1)

    https://public_ip2 (WAN2, ISP2)

    And the client tries whichever is working (the client uses another ISP).

    Thanks again,

    Andres.


  • Well, I think I understand the failover configuration, but I think I need:

    http://forum.pfsense.org/index.php/topic,2087.msg12049.html#msg12049

    I will search in the DNS testing forum.

    Thanks for the help.

    Greetings,

    Andres.


  • If I understand the question, in the failover you want 2 different IPs for it to ping. If you put the same IPs on both, it will always show them both up, from my understanding.

    Andy

    @ayacopino:

    Thanks for replying, xaviero.

    I already read the multiwan document again. I

    Yes, I understand that pfSense uses the DNS server IP of the provider to check that a link is failing and switch to the other.
    But the outside client on the internet, how does it resolve this problem? The initial connection will be tried to the same IP, which is down.

    Must I replace the URL in the client with two different IPs, for example:

    Today:

    https://server.domain.com.ar (pointing to static IP of ISP1)

    Tomorrow:

    https://public_ip1 (WAN1, ISP1)

    https://public_ip2 (WAN2, ISP2)

    And the client tries whichever is working (the client uses another ISP).

    Thanks again,

    Andres.


  • No, I don't want that, thanks anyway for your concern.
    I want a DNS failover for incoming connections.
    I will look at the DNS testing forum.

    Thanks all for your feedback.

    Let's close this thread.


  • In your case, do you want this?
    In simple words, your LAN client wants to bind to an IP (WAN1), then if WAN1 is disconnected, you want the LAN client to bind to the WAN2 IP, is that correct?
    If yes, try adding a NAT rule….