Dual WAN, One ISP, balancing possible?



  • Hello all.

    New to PFSense, but liking it. What I'm trying to achieve is more bandwidth through dual WAN.

    My ISP allows me a number of public IPs and a certain bandwidth to go with each IP. All IPs have the same GW and are on the same subnet. I get them through DHCP.

    Example:
    I have one TP-cable (ISP delivers through a RJ-45 connection) connected to a hub (100/100), through which I get one public IP per connected computer (say 213.x.x.15 and 213.x.x.85) and then 10mb up/10mb down per computer (IP).

    My thought was to connect those two cables to a PFsense box and this way get a 20/20 mb connection.
    PFsense box at time being is an AMD 2800+ Sempron with onboard NIC, two Netgear 10/100 NICs, 512meg and using 1.0.1-SNAPSHOT-01-11-2007

    I tried loadbalancing and it works.. Kind of.. It only allows one WAN at a time to be active, so it either uses WAN1 or WAN2, never giving me more than 10 mb in each direction. So it is either WAN1 or WAN2 that gets the bandwidth while the other gets none. It never gets "balanced" so PFsense uses both WANs at the same time…

    I tried following the wiki on balancing and made a pool using WAN1 and WAN2 and different monitoring IPs (WAN1 monitoring google and WAN2 monitoring yahoo), and in my firewall rules pointing the LAN GW to my pool. No luck.

    Is what I am trying to achieve possible? Feels like since I'm using the same GW/ISP and subnet on both WANs, it just doesn't get balanced properly (or the way I want). Or am I doing something horribly wrong?
    Tried searching the forum, but did not succeed in getting the answers I needed.

    213.x.x.15 (GW=213.x.x.1)
                       /                                       
    ISP -  (HUB)                                           PFSensebox - LAN 192.x.x.x
                       \                                       /
                        213.x.x.85 (GW=213.x.x.1)

    Thanks all..



  • Unfortunately you need unique gateways for loadbalancing/policybased routing. Maybe you can work around with that by setting up VIPs for each of your public IPs and create some nats that will send half of the traffic out natted to IP1 and the other half natted to IP2 and so on.



  • Hmmm..

    Any thoughts, tips or pointers in that direction?

    How can I achieve what you're saying?



  • Add the additional IPs at firewall>virtual IP (try ProxyARP or CARP). Then go to firewall>nat, outbound tab. Enable advanced outbound NAT and add some mapping to nat some of your traffic to the real WAN IP and some other part of traffic to the virtual IP.
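
An added illustration, not part of the original reply and not pfSense-generated output: the traffic split described above, written as plain pf NAT rules. The interface name, LAN ranges, host address and the 203.0.113.x addresses are constructed placeholders standing in for the two public IPs.

```pf
# Constructed placeholders (not from the thread): replace with real values.
ext_if   = "em0"              # WAN interface (hypothetical name)
wan_ip1  = "203.0.113.15"     # address the WAN interface holds itself
wan_ip2  = "203.0.113.85"     # second public IP, added as a virtual IP
lan_low  = "192.168.1.0/25"   # first half of the LAN
lan_high = "192.168.1.128/25" # second half of the LAN
ftp_host = "192.168.1.10"     # one server pinned to the second IP

# pf uses the first matching nat rule, so the single-host rule comes first.
nat on $ext_if from $ftp_host to any -> $wan_ip2
nat on $ext_if from $lan_low  to any -> $wan_ip1
nat on $ext_if from $lan_high to any -> $wan_ip2
```

Each connection keeps the source address chosen when its state is created, so the mapping decides per client which public IP is used rather than balancing individual connections.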



  • Thanks for your quick replies..

    Won't what you're suggesting mean that it won't be "real" loadbalancing, but only in cases specified in NAT-rules?
    Thus, not all traffic will be balanced..?

    Ahwell… Seems like there is no "easy" way to get this going...
    Even though I can see 2 public IPs on my box, I cannot use them at the same time..  :-\



  • It's not a real loadbalancing, that is correct. More like a policybased routing.



  • Might it not be possible to have a standard 20$ router between one of the IPs and the Pf?

    213.x.x.15 (GW=213.x.x.1) --- cheaprouter ---(some_private_network)
                      /                                                                                   
    ISP -  (HUB)                                                                                        PFSensebox - LAN 192.x.x.x
                      \                                                                                    /
                        213.x.x.85 (GW=213.x.x.1) ---------------------------------

    for line1 as monitor IP 213.x.x.1
    and for line2 as monitor IP an IP one hop behind 213.x.x.1

    I'm not sure if that would work ^^"



  • It might work. Haven't tested such a config yet. Not sure what would happen though when tracerouting across the cheap router and if the states get messed up.  ;)



  • As in this thread:
    http://forum.pfsense.org/index.php/topic,2679.0.html

    In my test environment I used 2 boxes and had a static WAN IP on each of them in the same subnet.
    (my university's network was the ISP ;) )

    ISP subnet: 160.85.39.0/24
    ISP router: 160.85.39.1/24
    ISP proxy: 160.85.39.2/24
    WAN1: 160.85.39.120/24
    WAN2: 160.85.39.121/24
    crosslink: 10.10.10.x/30

    ISP-subnet
                /       
              /           
            /               
    WAN1                  WAN2
      |        crosslink      |
    pf1-----------------pf2
      |                          |
    LAN1                    LAN2

    Load balancing worked well from each of the 2 LANs (with all the necessary pools and firewall rules in place).
    As monitor IPs I've used on both of the WANs directly the next router (160.85.39.1)
    and on the crosslink I've used on both as monitor IP the proxy (160.85.39.2)

    So far that worked well but I didn't do anything with tracerouting ^^"



  • Hi

    I'm pretty sure the original poster has BBB Sweden as ISP. They provide me with a 100/10mbit connection, with that I get 5 public IPs and the weird thing is, as the original poster said, that they don't limit the upload anywhere. I will only have 100mbit down in total but I get 10mbit upload per IP so in a sense I have a 100/50mbit connection if I could only use all 5 IPs' bandwidth at the same time. I would settle for 20 or 30mbits though :) I don't want to have it in total at the same time though as per the original poster, I just want to be able to utilize the 10mbit connections for different servers.

    Let's say for example that I have an FTP server and my main computer, could I with pfsense and the virtual IP thing suggested above have my FTP server use one of the 10mbit and my main computer the other? You might say then why not just place the FTP server on a public IP directly, well I just want to have all this behind one firewall.



  • No, you cannot use the load balancer when both interfaces share the same address space or gateway.



  • Dear
    I bought a hardware device with dual WAN and connected two wires from my hub.
    The two WAN IPs are (10.175.175.1/8, 10.175.175.2/8) and they have the same GW 10.1.1.1,
    and the bandwidth doubles and it works.

    But how do I do this with pfsense?

    Regards



  • @majedalanni:

    Dear
    I bought a hardware device with dual WAN and connected two wires from my hub.
    The two WAN IPs are (10.175.175.1/8, 10.175.175.2/8) and they have the same GW 10.1.1.1,
    and the bandwidth doubles and it works.

    But how do I do this with pfsense?

    Regards

    The solution is right above in this thread. Please read more closely.



  • Dear

    What I want to  say why the hardware make the sum of bandwidth without error and why the pfsense cant do ???  :-\



  • @majedalanni:

    Dear

    What I want to  say why the hardware make the sum of bandwidth without error and why the pfsense cant do ???  :-\

    I don't understand this sentence. Please try to find some other words.



  • Sorry for my bad English

    but I want to know, can pfsense sum the bandwidth for 10 WAN IPs (same gateway) like the hardware dual WAN (SMCBR24Q), and if no …......... why?



  • It can, but you need different gateways (at least if you want to balance it). The other option is to use 1:1 or advanced outbound NAT as described above, but that won't give you balancing but only simultaneous use by different clients.



  • Dear

    And will it be supported in the future?
    And if I use advanced NAT, will it sum the bandwidth?

    And many thanks to you ;D



  • I think Bill said in a similar thread that it could be done but our GUI doesn't support it. If that is the case we might add support for it later.

    If you use advanced outbound NAT it will sum up the bandwidth but you need several clients to use all of the bandwidth. None of the clients can use more than one IP's up/down restrictions though.



  • OK

    If I make this topology

    10 ip one GW                                      1 IP and 9 Sub          configure with multi GW
    ISP ---------------- Switch----------Router----------------pfsense-----------------------------

    --------ISA Server-------Clients

    Will it work?
    I really need to make this work, and I am sorry for disturbing you  :P



  • I honestly haven't read this entire thread but I can confirm that you can load balance with the same actual gateway using routers.  Here is my setup:

    /------routera10.10.10.1---------Wan-10.10.10.10
    ISP
        -------routerb11.11.11.1---------opt1wan2-11.1.11.11
    I set it up like that and it worked just dandy.

    I will also tell you that I tried it like this:
          /------DSLtransprentPPPoEmode---------Wan-PPPoE
    ISP
        -------routerb11.11.11.1---------opt1wan2-11.1.11.11
    and it failed, not sure why though.  It may have just been when I tried that particular setup, I put in a rule incorrectly.  Anyways, hope that helps.  Also, if you're having DNS problems after doing this, the routing tables may be going screwy, but so far it hasn't happened for me.



  • @Justinw:

    I will also tell you that I tried it like this:
          /------DSLtransprentPPPoEmode---------Wan-PPPoE
    ISP
        -------routerb11.11.11.1---------opt1wan2-11.1.11.11
    and it failed, not sure why though.

    There is a known bug that prevents usage of a PPPoE connection for pools. We are working on fixing this.



  • Dears

    But as you see I have 10 IPs. Does that mean I need 10 routers, or do I make VLANs???
    Or can I make sub IPs on the external router (only one router) and configure pfsense to use every sub IP as a gateway?

    Please see the attachment. This is my topology, and the second one is what I need to do. Can I?




  • Please, any answer?



  • As hoba said, this DOES NOT work currently.  Sorry!



  • Thanks a lot

    Is there any other software you prefer??



  • If you have one ISP and 1 internal server it's pointless.

    And I do not see why you want it either.



  • Dears

    Hi again

    I made this topology by combining pfsense and mikrotik in one PC (VMWARE)

    and when I download with an accelerator it downloads from all IPs, and when I download from IE it downloads from one IP.
    Is this OK, and will it not cause problems?


