Loadbalance connection problem
-
hi.
i have a new pfsense box with the following setup:
pfSense Version 1.0.1 (built on Sun Oct 29 01:07:16 UTC 2006)LAN IP - 192.168.7.1
WAN IP - 207.XXX.XXX.100 (static) WAN_GW: 207.XXX.XXX.254
OPT1 IP - 192.168.1.200 (static) OPT1_GW: 192.168.1.1LAN is as normal, shared with my internal network.
WAN is attached to a DSL connection to ISP #1
OPT1 is attached to a router, which is then attached to a second ISP which provides a dynamic IP; 192.168.1.200 is in the DMZ for the routerWAN and OPT1 are loadbalanced.
monitor IP for WAN in loadbalance pool is the WAN_GW address
monitor IP for OPT1 in loadbalance pool is the OPT1_GW addressOutbound NAT has "Enable advanced outbound NAT" selected,
and:Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description WAN 192.168.7.0/24 * * * * * NO Auto created rule for LAN OPT1 192.168.7.0/24 * * * * * NOMy LAN Firewall rules are as follows:
Proto Source Port Destination Port Gateway Description * LAN net * * * loadBalance Default LAN -> LoadBalanced * LAN net * * * * Default LAN -> anyWhen I start up the box, I get no problems with accessing the internet for a while, maybe up to about 2-3 minutes .. However, after this time, the connection stops working.
Each of the connections work individually quite well, and without any problems.
Any advise on what to do to trouble-shoot this problem, and if you need any more information to help me to solve this.
Thanks
-
Make sure your monitors are not refusing to answer to pings after some time. monitor IPs are pinged every 5 seconds to detect link failure. If the connection fails what's the status of status>loadbalancer?
-
The connection fails even when the Load Balancer Status says that both connections are online .. also, to make certain that both gateways allow for pings, i have an open terminal running a ping to them every second .. and this has been going now for a little over 40 minutes .. no blocks so far ..
-
Then something else is wrong. show me your pooldefinitons.
-
info attached..
let me know if you need any more ..
-
You are not useing the right IPs as gateways in the pool. According to the first post they should be 207.216.0.254 (at WAN) and 192.168.1.1 (at OPT-WAN).
-
my WAN IP address is 207.216.9.122
my WAN GW address is 207.216.0.254my OPT1 IP is 192.168.1.200
my OPT1 GW is 192.168.1.1do I still have incorrect addresses in the system ?
Thanks for your help with this :)
-
Have a look at your loadbalncing pool screenshot. In your screenshot you entered the interface IPs, not the gateways as poolmembers. You have to enter the gateways there.
-
I must have been blind when I was reading the instructions ..
ThanksThe only problem I have now is that the dns queries deom the firewall seem to fail a lot .. I have provided all the machines on the local net with the primary dns server addresses for each of the ISPs as their DNS servers .. and this seems to get around the problem ..
Going to read through other posts in the forums, and the wiki to see if I can find a solution .. Thanks again for your help ..
-
This might happen if the main WAN of the pfSense is not always available (check status>systemlogs, loadbalancer). To make DNS failover too use one DNS of the WAN and one of the OPT-WAN at system>general. Then add a static route to OPT-WAN-DNS-Server/32 though OPT-WAN-Gateway at interface OPT-WAN. This way it will use the second DNS if the main WAN is down though the OPT-WAN interface.
Maybe it's just a problem with your monitor IP for the WAN Interface. Try to use a different monitor. If it doesn't always responds to pings the link will be taken down for at least 5 seconds.
-
Thanks ..
I will try this tonight and post how I go .. -
This might happen if the main WAN of the pfSense is not always available (check status>systemlogs, loadbalancer). To make DNS failover too use one DNS of the WAN and one of the OPT-WAN at system>general. Then add a static route to OPT-WAN-DNS-Server/32 though OPT-WAN-Gateway at interface OPT-WAN. This way it will use the second DNS if the main WAN is down though the OPT-WAN interface.
Maybe it's just a problem with your monitor IP for the WAN Interface. Try to use a different monitor. If it doesn't always responds to pings the link will be taken down for at least 5 seconds.
Could you explain how adding a static route in this case would be done? I dont really understand static routes.
My own solution was that I put in policy based routing for the DNS.
In Firewall : Rules : LAN
Interface LAN, Protocol UDP/TCP, Destination IP address:ISP1 DNS, Destination p$ort: 53 , Gateway = ISP1 Ethernet port.
Should this be OK? -
This is ok for connections that are running through the pfSense like if you have a dns server at LAN but can't be utilitzed by the pfSense itself as only connections running through the pfSense can make use of policybasedrouting/loadbalancing. To keep DNS-resolution on the pfSense itself (like for dns forwarder) you need that staticroute entry like described for the DNS-Server of the ISP at OPT-WAN.
-
have not been able to get to this for a few days ..
played with it tonight, and still having the same problems ..
DNS is being forwarded for a while, then it just stops .. and I cannot resolve DNS ..
the load balancer logs do not indicate a drop on the wan interface ..i think i might have something else misconfigured possibly .. any suggestions ..
-
Try to use a different external dns server. Maybe there is a problem with it.
-
the machine now has 3 different WAN connections …
will try changing the primary connection around, and changing the DNS servers ..what I do not understand is that the machines on the LAN are able to work perfectly, as long as they use the DNS servers of the ISP .. I have also set up an internal box with bind on Linux and that seems to run correctly also ..
I am sure I have an incorrect entry in the settings for the firewall, but not sure where exactly to look for it ..
Off to bed anyways .. will play with it again tomorrow .. -
I dont see your static routes. hoba suggested that you will need these. pls post your static routes.