Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Sticky outbound?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    10 Posts 5 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Russ
      last edited by

      Hi all-

      I just installed RC2 last week (my first pfSense box).  We switched from Ipcop to get dual wan failover and lb features.

      We have an ADSL line and a cable modem, and I have the dual wan with lb and failover working now.

      We are running into a problem with some websites (all ssl sites afaik) in which we get logged out because the ip address their server sees changes after a little while of browsing.

      I tried the 'touch /var/etc/use_pf_pool__stickyaddr' trick and rebooted, but I guess thats only for inbound.

      Without setting static routes/rules, how can I get it so traffic to the same site (ip+port) goes out the same interface for a while (30 mins would do)?  Of course I still want it to failover asap if the selected link goes down (thus my hesitance to use static routes).

      I've tried searching for combinations of 'sticky' and 'sessions' on google and in the forum but haven't found the answer.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        Not at this time.

        http://faq.pfsense.org/index.php?action=artikel&cat=1&id=174&artlang=en

        1 Reply Last reply Reply Quote 0
        • B
          billm
          last edited by

          http://marc.theaimsgroup.com/?l=pfsense-discussion&m=115584171530738&w=2

          pfSense core developer
          blog - http://www.ucsecurity.com/
          twitter - billmarquette

          1 Reply Last reply Reply Quote 0
          • R
            Russ
            last edited by

            @sullrich:

            Not at this time.

            http://faq.pfsense.org/index.php?action=artikel&cat=1&id=174&artlang=en

            Any decent workarounds?

            If not, how do I describe this feature for the devs and how much would be fair for a bounty on it?

            1 Reply Last reply Reply Quote 0
            • S
              sullrich
              last edited by

              @Russ:

              Any decent workarounds?

              No.

              @Russ:

              If not, how do I describe this feature for the devs and how much would be fair for a bounty on it?

              No matter if a bounty was posted, this will not make it into 1.0.

              1 Reply Last reply Reply Quote 0
              • R
                Russ
                last edited by

                @sullrich:

                @Russ:

                If not, how do I describe this feature for the devs and how much would be fair for a bounty on it?

                No matter if a bounty was posted, this will not make it into 1.0.

                Fine, but that's not what I asked.  The question remains unanswered.

                1 Reply Last reply Reply Quote 0
                • S
                  sullrich
                  last edited by

                  I honestly don't know how much is a good thing.  I guess it is up to you.

                  1 Reply Last reply Reply Quote 0
                  • B
                    billm
                    last edited by

                    @Russ:

                    @sullrich:

                    @Russ:

                    If not, how do I describe this feature for the devs and how much would be fair for a bounty on it?

                    No matter if a bounty was posted, this will not make it into 1.0.

                    Fine, but that's not what I asked.  The question remains unanswered.

                    It's really up to how much it's worth to you.  Name a price, maybe someone will work on it maybe someone with current knowledge of the codebase, maybe someone who wishes to learn and make a few bucks learning.  It's doable in pf, the hardest part will be to wrap a UI around it - the pf.conf code is pretty simple.

                    –Bill

                    pfSense core developer
                    blog - http://www.ucsecurity.com/
                    twitter - billmarquette

                    1 Reply Last reply Reply Quote 0
                    • S
                      sai
                      last edited by

                      Is the only work around to use policy based routing for https , so that that https traffic only goes out one WAN port?

                      sai

                      1 Reply Last reply Reply Quote 0
                      • H
                        hoba
                        last edited by

                        I have added 2 types of aliases for this at my dualwansetup. One portsalias and one hostsalias where I can add portnumbers or IP-Adresses that don't work well with loadbalancing. If I detect another external IP that doesn't work well with it I just add it to the hostslaias. https is added to the portsalias. Both aliases are referenced by a firewallrule as destination to go out to my faster WAN.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.