DualWan Failover without LoadBalancing



  • Is there a way to have a dual-WAN failover without load balancing?
    I have two WAN connections; one costs a lot per MByte transferred and I would like to use it only for backup purposes (when the other is down).

    I'm trying to reach a solution with carp\failover\loadbalancers but I can't find anything that works.

    So is there any solution?

    Thanks in advance…



  • 1. Setup a loadbalancer with both your WAN gateways.
    2. In your Firewall -> Rules -> LAN section, don't use the loadbalancer as your gateway.  Instead leave the gateway setting as "default".
    3. Download http://rajasuperman.googlepages.com/monitor-gw.tar.gz.  README file contains the installation details.

    pfSense will not be load balancing traffic on WAN links, but will push traffic only over the default gateway.  monitor-gw will switch the gateway if it fails.

    Note that the monitor-gw script only changes gateways if a WAN link fails.  E.g. if WAN1 fails, gateway is switched to WAN2.  If WAN1 comes back, gateway is not changed back to WAN1 but remains on WAN2.  Changing this should be a pretty easy…



  • @rsubr:

    Note that the monitor-gw script only changes gateways if a WAN link fails.  E.g. if WAN1 fails, gateway is switched to WAN2.  If WAN1 comes back, gateway is not changed back to WAN1 but remains on WAN2.  Changing this should be a pretty easy…

    I will add a variable for default gw (the free one.. ;) )

    $default_gw="85.36.xxx.xxx";
    

    and then I will add a little "if" to switch back to the default if it is available, something like

    if ($default_gateway != $default_gw) {
    print("NOTICE: Switching back to default gateway from $active_gateways[0] to $default_gw \n");
    exec("route -q change default $default_gw");
    }
    
    

    It's not the best solution possible.. but it's a good starting point..
    I'll try to make it better ;)

    thanx:)

    (sorry for my ugly english..)



  • it works!!!! :D

    
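        // Preferred (cheap) gateway to switch back to.
        $default_gw="85.36.xxx.xxx";
        // TRUE when the preferred gateway is in the list of active gateways.
        $key2 = in_array($default_gw, $active_gateways);
        // print("DEBUG: $key :: $key2\n");
        // print_r($default_gateway); print("\n"); print_r($active_gateways); print("\n");

        // Switch back only if the preferred gateway is active and is not already the default.
        if (($key2 === TRUE) && ($default_gw != $default_gateway)) {
            print("NOTICE: Changing default gateway to $default_gw from $active_gateways[0]\n");
            exec("route -q change default $default_gw");
        }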
    
    

    and at the end only..

    check_gateways();
    

    running in a one-minute (*/1) cron..

    works fine..failover and switch back without problems… :)

    so, can anyone test it? :D



  • If it's so easy to do failover without load balancing, why do we have to wait for the PFSense 1.1 version for this feature to arrive officially?

    If I find time for it, I will try to do this later this week. Thank you, kionez and rsubr.



  • @Mercredi:

    If it's so easy to do failover without load balancing, why do we have to wait for the PFSense 1.1 version for this feature to arrive officially?

    If I find time for it, I will try to do this later this week. Thank you, kionez and rsubr.

    Because we want to tie it into the existing polling method, not use yet another process.  rsubr has done a good job out of his own necessity, if you want to use it, go for it, as usual, don't expect support for code that didn't come from our tree.  In the meantime, if you wish to complain about our multi-wan support, how about some donations (http://forum.pfsense.org/index.php/topic,2502.0.html) to help support it?

    –Bill



  • I am willing to make some donations to the project or provide another way of supporting it; I am keeping it in mind. Once I find a way to support you or your team with money, I will do it.



  • Thanks very much for BACKUP function on PFSense!!  ;D

    I'd like to modify Raja's monitor-gw script to add this function to my PFsense box:
    When the monitor-gw script changes the default gateway,
    I want it to change the 1:1 NAT rules for my PCs.
    In other words:
    I need to NAT my LAN IP addresses in different ways depending on which is the
    default gateway at the moment.

    Some details:
    My LAN is 10.0.0.0/24 with static IPs.

    My WAN1 is 192.168.1.0/24 (PFSense NIC is 192.168.1.1)

    My WAN2 is 192.168.2.0/24 (PFSense NIC is 192.168.2.1)

    My default wan is WAN1.

    I want to use NAT to change each LAN IP from 10.0.0.x to 192.168.1.x.
    When my default WAN (WAN1) is down, PFSense must use WAN2 and must NAT each IP
    from 10.0.0.x to 192.168.2.x

    Thanks in advance for any help.

    Bye,
    Alex



  • Thanks rsubr and Kionez,

    This is exactly what I want to do, but I have some questions in order to set up my pf correctly. When I set up a loadbalancer I have to choose gateway as the type and put the gateway IP in the IP box, but what should I put in Monitor IP, and I have to do this on both pfSense, right? (Gateway of the first provider in pf one and gateway of the second provider in the second pfSense).

    I'd really like to try your solution, kionez. Also, can you tell me where to put your code for the switch back? I'm not really a programmer (is this in PHP?)

    Any help would be greatly appreciated



  • @scarpy:

    Thanks very much for BACKUP function on PFSense!!  ;D

    I'd like to modify Raja's monitor-gw script to add this function to my PFsense box:
    When the monitor-gw script changes the default gateway,
    I want it to change the 1:1 NAT rules for my PCs.
    In other words:
    I need to NAT my LAN IP addresses in different ways depending on which is the
    default gateway at the moment.

    Some details:
    My LAN is 10.0.0.0/24 with static IPs.

    My WAN1 is 192.168.1.0/24 (PFSense NIC is 192.168.1.1)

    My WAN2 is 192.168.2.0/24 (PFSense NIC is 192.168.2.1)

    My default wan is WAN1.

    I want to use NAT to change each LAN IP from 10.0.0.x to 192.168.1.x.
    When my default WAN (WAN1) is down, PFSense must use WAN2 and must NAT each IP
    from 10.0.0.x to 192.168.2.x

    Thanks in advance for any help.

    Bye,
    Alex

    You can do that two ways: a hard one and a simple one.
    The hard one: you need to edit the rules.debug file on the fly from the monitor script and change the wan interface there to the one that is active.

    The simple way is to copy the rules.debug file to 2 files,
    /tmp/wan1.rules and /tmp/wan2.rules,
    edit the wan="interface" line in both files to the correct interface,
    and let the script, after changing the wan interface,
    run the correct rules file:

    pfctl -f /tmp/wan1.rules
          for wan1
    pfctl -f /tmp/wan2.rules
          for wan2
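
Added example (not part of the thread and not code from monitor-gw): a POSIX sh dry run that combines the fail-back decision from kionez's post with the per-WAN ruleset reload from the last reply, and checks each gateway string before it is placed on a command line. The function names are hypothetical, the addresses are constructed documentation values, and the mapping of the preferred gateway to /tmp/wan1.rules is an assumption.

```sh
#!/bin/sh
# Added example: prints the commands for one polling cycle, runs nothing.

# True only for a dotted-quad IPv4 address with every octet in 0..255, so
# no other text can end up on the route command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pick_gateway PREFERRED CURRENT ACTIVE...
# Prints the preferred (cheap) gateway whenever it is active, else the
# current one if it is still active, else the first active gateway.
pick_gateway() {
    preferred=$1; current=$2; shift 2
    keep=''; fallback=''
    for gw in "$@"; do
        is_ipv4 "$gw" || continue
        if [ "$gw" = "$preferred" ]; then echo "$gw"; return 0; fi
        if [ "$gw" = "$current" ]; then keep=$gw; fi
        if [ -z "$fallback" ]; then fallback=$gw; fi
    done
    choice=${keep:-$fallback}
    [ -n "$choice" ] || return 1
    echo "$choice"
}

# plan_switch PREFERRED CURRENT ACTIVE...
# Assumption: preferred gateway -> /tmp/wan1.rules, any other -> wan2.rules.
plan_switch() {
    target=$(pick_gateway "$@") || { echo "# no active gateway"; return 1; }
    if [ "$target" = "$2" ]; then echo "# default gateway unchanged"; return 0; fi
    if [ "$target" = "$1" ]; then rules=/tmp/wan1.rules; else rules=/tmp/wan2.rules; fi
    echo "route -q change default $target"
    # pfctl -n parses the ruleset without loading it; load only if it parses.
    echo "pfctl -n -f $rules && pfctl -f $rules"
}

# Constructed sample: WAN2 is the default and preferred WAN1 has come back.
plan_switch 192.0.2.1 198.51.100.1 198.51.100.1 192.0.2.1
```

When no active gateway passes validation, plan_switch returns non-zero and prints no route or pfctl command, so the current default route is left in place.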

