Dual wan and failover with dynamic ip address

fcasco

Hello I have two adsl connections with dynamic ip address, it uses pppoe and my pfsense has 3 nics, wan (adsl 1) and opt1 (adsl2) can anyone tell me if it is posible to setup a dual wan failover with dynamic public ip. My isp gives me a different public ip everytime i connect.
I can make my adsl modem make the connection and give me a private ip on eahc wan and redirect all the wan traffic from each modem to that private ip (nat)
Thanks in advanced.

hoba

You can loadbalance the lines if you use the Modems as Routers (you need static gateways for the IPs) and it will detect if a link is down and exlude it from the pool. However a failover from one interface to the other (use WAN1 and only if it'S not working move to WAN2) is not yet possible though it's already been worked on in our developement tree.

fcasco

i´ve been reading on in the forum, the two adsl are from the same provider, each wan will have private ips say
lan: 192.168.1.1 / 24

wan: 10.0.0.2 / 30
gw: 10.0.0.1 / 30 (adsl router)

opt1: 10.0.1.2 / 30
gw: 10.0.1.1 / 30 (adsl router)

when i make the load balancer what should i put as the listen ip (can it be the dns server?) or should it be the private ip address of each connection?

The other quetion is, what will happen with all the traffic that is going through the failed connection? will it start going out the other one that is still active?

hoba

You should use a gateway behind your modemrouters. If a ping to that IP fails the link is considered down. Monitoring IPs have to be unique btw. Links will be polled every 5 seconds. Already established connections through that link will stall but the reconnection will go out the next wan that is up.

fcasco

Thanks hoba. I´ll try it out and tell you how it goes.
I have a last question: when on of the link tha went down comes up again it will automatically start load balancing again with every new connection? The established connections will remain on the link that did not fail is this correct?
Thanks for everything

hoba

Yes, links are dynamically included and excluded when they become available/unavailable within the next 5 seconds.

cheeky

Newbie here, please be gentle on me!  :D
I've installed PFSENSE 1.0 release, and your software is the answer to all my needs in a firewall!

I'm trying to setup a dual WAN, one ISP is static ADSL and one is ADSL via PPPoE.
Both WAN is functional now in my PFSENSE, routing some ports to WAN1 and others to WAN2.
I wanted to do load balancing with failover, so here it goes.
I've read that static IP's is needed to do load balancing, so my problem is my PPPoE ADSL account.
I'm using a modemrouter for that PPPoE account, set to bridge mode.
As i had read from previous posts, i set the modemrouter to routing mode so that PFSENSE can get a static IP for WAN.
Here are my configs:

ISP–- (203.172.x.x via PPPoE)modem router(192.168.1.2)
                                                                l
                                                                l
                                                      (192.168.1.3)WAN1(192.168.1.1)------------PFSENSE

What rules do i have to set in PFSENSE (or maybe in my modemrouter) so that i can access www via WAN1, i can't do web browsing if i set WAN 1 as static IP unlike if it is set to PPPoE.

Thanks in advance.

hoba

Do you always get the same IP from the PPPoE dialin? If yes you don't need the "use modem as default static gateway" trick.

If no it should work. However I don't understand your ascii-diagram. Looks like you used 192.168.1.x Adresses at your WAN. Make sure this doesn't conflict with your LAN subnet (192.168.1.1/24 is the default LAN subnet after installation).

Your setup should look something like this:

ISP1--------ModemRouter(192.168.254.1/24)------(192.168.254.2/24)WAN
                                                                  pfSense LAN (192.168.1.1/24)------------LAN Clients
ISP2----------------Modem(bridge)--------------(some public IP)OPT-WAN

In this scenario you might need to uncheck "block private IPs) at interfaces>wan. Also if your ModemRouter provides a setting "DMZ IP" you should enter the pfSense WAN IP there. This way it will forward everything to the pfSense WAN and you only have to configure portforwards, firewallrules, … there.

sintar

in my experince you need to uncheck block private ips on any interface that has a  private ip range

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

@hoba:

In this scenario you might need to uncheck "block private IPs) at interfaces>wan. Also if your ModemRouter provides a setting "DMZ IP" you should enter the pfSense WAN IP there. This way it will forward everything to the pfSense WAN and you only have to configure portforwards, firewallrules, … there.

sbyoon

I'm working for the dual wan loadbalancing and failover with dynamic gateways. For the gateway, I use "wan" and "opt1" instead of the real gateway's ip address. And now it works well. Pls see the attached images.

But I'd like to restart slbd when the wan's or opt1's ip address are changed. The problem is that I cannot figure out the process of it on pfsense. Is there anyone who can give me a hint how to do it. If it will be possible I will provide the diffs.

Thanks.

jeroen234

i think you need to add some code to
/etc/rc.newwanip

hoba

Nice addition! While you are at it can you add wan-gateway and optx-gateway as variables to be optionally used for monitor IPs too?  ;)

billm

@sbyoon:

I'm working for the dual wan loadbalancing and failover with dynamic gateways. For the gateway, I use "wan" and "opt1" instead of the real gateway's ip address. And now it works well. Pls see the attached images.

But I'd like to restart slbd when the wan's or opt1's ip address are changed. The problem is that I cannot figure out the process of it on pfsense. Is there anyone who can give me a hint how to do it. If it will be possible I will provide the diffs.

Thanks.

slbd config (and restart) is done in /etc/inc/vslb.inc.  However, you likely want /etc/rc.newwanip (I'm not sure that runs for optx interfaces though).

–Bill

sbyoon

I think I succeeded in it. I added "slbd_configure();" into rc.newwanip to reload slbd. I found rc.newwanip is executed when ip change occurs at optx as well.

I tested it for several days and it works well for me. But I want it to be tested by other people who are in other various environment.

If you wan to test it, you can download loadbalance.zip file from below link.

http://www.monetcom.co.kr/download/loadbalance.zip

And decompress the file and upload each decompressed file to pfsense. (command promtp -> upload)
And then copy each file to below.

/etc/inc/vslb.inc
/usr/local/www/load_balancer_pool_edit.php
/etc/inc/filter.inc
/etc/rc.newwanip

• If you are using embedded version, make sure that you should execute /etc/rc.conf_mount_rw before copying.

Any feedback will be appreciated.

And I'd like to make rc.newwanip to check whether outgoing loadbalancing is enabled or not before it execute "slbd_configure()". I tested it with adding "if ($config['load_balancer']['lbpool']['type'] == "gateway")" above "slbd_configure();" but it didn't work. Could anyone give me an advice for it?

Thanks.

hoba

Just a question: Do you have to enter the OPTx-name or the substitute of it like WAN2 (in case you called OPT1 WAN2)?

sbyoon

You should use the interface name in interfaces -> assign. Pls see the attached image. In this case the interface name should be wan, opt1 or opt4.

hoba

The substitutes of the interfacenames would be nicer but this is cool too  :)

billm

@hoba:

The substitutes of the interfacenames would be nicer but this is cool too  :)

We can work around this of course if the code works :)

–Bill

sbyoon

I found my mistake on load_balancer_pool_edit.php. When click add pool, the interface name was undifined. Now I corrected it. Pls download the correct one again if you already download it.

http://www.monetcom.co.kr/download/loadbalance.zip

And I found that rc.newwanip is not correctly copied to pfsense. If you have this problem also, you can edit it just adding below code at the bottom of rc.newwanip.

/* reload slbd */
slbd_configure();
log_error("Configuring slbd");

GotzBoost

Well I'd have to say this guy fixed all my issues with this little update, OMG this is awesome. Been working on getting load balancing to work with my cable modem and my DSL all day. Ran across this, implemented it, and wham, it's all working… Thank you sooooo much for this addition.

Well since he helped me so much, I thought I would add to it also. I modified the config interface to allow picking what interface you want to add to the pool from a list. And added the ability to pick the Gateway's address from a list also, among other options too. (See attached image)

A quick note though, one reason, on top of being dynamic, why I couldn't get the dang balancing to work all day was because my cable provider disabled ping to it's gateway.... As soon as I set it to my web hosting companies IP, it all come "online."

Just update the files appropriately in /usr/local/www
http://www.webhostingspot.com/pfSense.rar

Question, before I start messing around I'd thought I'd ask fisrt.
With all this load balancing working and all, how do I configure pfSense so that all SMTP traffic on my network goes out through the WAN interface only?

P.S. How the heck do I get my FTP outbound working now?