Resolved Pfsense 2.0 RC1 LoadBalacing, But Non Default Gateway Failover Working?

farrukhndm

2.0-RC1 (i386)
built on Sat Feb 26 15:30:26 EST 2011

I have 2 ISP WAN connection
LAN =192.168.1.3
WAN1=204.87.11.3/29  ;GW 204.87.11.3
WAN2=206.98.11.30/30 ;Gw 206.98.11.29
DNS Server=8.8.8.8
DNS Server=4.4.4.4
(Above IPs are Dummies)

System: Gateway Groups

Group Name Gateways Priority Description

Wan1BalanceWan2 OPT1GW WANGW  Tier 1  Tier 1

WAN1FailoverWan2 OPT1GW   WANGW Tier 2  Tier 1

WAN2FailoverWAN1 OPT1GW   WANGW Tier 1 Tier 2

Name             Interface Gateway                Monitor IP

OPT1GW    (default) OPT1     206.98.11.29  8.8.8.8(DNS)

WANGW                WAN    204.87.11.3 4.4.4.4

When i add given rules to my LAN ,My All network goes down and Voip Application stop working ???????? :(
3) Firewall: Rules

• LAN net * * * * Wan1BalanceWan2   Default allow LAN to any rule

Please guide Whats wrong.. its almost 15 days passed to get

Nachtfalke

Hi,

it is not necessary to create the two groups WAN1failoverWAN2 and WAN2failoverWAN1 for failover. This was in 1.2.3.

In 2.0 you enter the Tier-Lever. equal levels do load balancing and if one line goes down it automatically switches over to the other line and vice versa.

In your firewall rule you only added TCP as protocol. Try to use here "any" oder "TCP/UDP". As far as I know, VoIP is using UDP like many other "realtime applications".
If LoadBalancing is working on your configuration try
http://www.pfsense.org/ip.php
Try refreshing the site several time and take a look, if the IP changes.

But remember not all protocols are able to use LoadBalancing:
http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing#Set_up_useful_aliases

Or you try "Sticky connections" under "SYSTEM -> ADVANCED" and there I think "NETWORK".

skear

You might also want to take a look under Status\Gateways and make sure both gateways have a status of online.

And when you add the LAN rule to direct traffic to Wan1BalanceWan2 you should delete the other default lan rule.  So in your screenshot delete the rule with a description "default allow LAN to any rule".

Nachtfalke

@skear:

You might also want to take a look under Status\Gateways and make sure both gateways have a status of online.

Right.

And when you add the LAN rule to direct traffic to Wan1BalanceWan2 you should delete the other default lan rule.  So in your screenshot delete the rule with a description "default allow LAN to any rule".

Not correct at all. In the screenshot this rule is disabled and so it is ok.

skear

And when you add the LAN rule to direct traffic to Wan1BalanceWan2 you should delete the other default lan rule.  So in your screenshot delete the rule with a description "default allow LAN to any rule".

Not correct at all. In the screenshot this rule is disabled and so it is ok.

Ahh you're right, I did not notice it was disabled.

farrukhndm

Still No success of loadBalacning ,When I download some file it always Go to default Gateway rather Using Wan1BalcningWan2.
pleas check corresponding logs .


Nachtfalke

Your firewall rule seems to be wrong for my understanding.
Why did you enter port 8080 as destination ?
This means, that this rule only works for destination addresses with port 8080. Normal http (80) or https (443) will not be applied to this rule.

Further I think you totally misunderstood LoadBalancing (or I did with your question).

LoadBalancing does NOT mean, that you have double speed. It does NOT double DSL1 (2MBit/s) and DSL2 (5MBit/s) to one line with 7MBit/s. It will just help you to load the balance over these two lines. If you start two downloads, one will downloading over DSL1 with 2MBit/s and the othr will downloading over DSL2 with 5Mbit/s.

You could test if your loadbalancing is working while surfing to this page and refresh this page several times after another
http://www.pfsense.org/ip.php
Then you will see, that your IP changes (DSL1 <-> DSL2). But before this will work you have to correct your firewall rule (destination port to any).

Another good site to test ist maps.google.com and zoom in and out. Than you can see that bothe lines will use LoadBalancing.

farrukhndm

Forum pfsense

Your firewall rule seems to be wrong for my understanding.
Why did you enter port 8080 as destination ?

On port 8080 My Squid is listening,So i just route traffic with outbound request for 8080.I think its correct. Further also checked destination to <any>but it doesn't impact of load balancing .
After changing destination port to <any>in firewall rule
when i check the Ip ,it always uses the WAN IP whose Gateway is set to default

http://www.pfsense.org/ip.php
Your IP is 2xx.xxx.xxx.130
Your IP is 2xx.xxx.xxx.130
Your IP is 2xx.xxx.xxx.130
Your IP is 2xx.xxx.xxx.130
Your IP is 2xx.xxx.xxx.130

(Still my Load balancing of traffic is not working ???????)

LoadBalancing does NOT mean, that you have double speed. It does NOT double DSL1 (2MBit/s) and DSL2 (5MBit/s) to one line with 7MBit/s

Yes i was thinking wrong that load balancing double speed of your WAN Links,so its clear know.
Is there any way to double speed of my WAN Links in pfsense ???

Further what i observe,All traffic goes through the Default gateway rather going from Wan1BalanceWan2
I put all load but all traffic passing to interface which is set default.

please guide me whats next???

</any></any>

Nachtfalke

Do both of your WAN connections are in the same subnet / having the same gateway ?
If you can answer this with "yes", then it doesn't work without a trick.

LoadBalancing at the moment only works, if both WANs have different gateways.

farrukhndm

WAN1 Gateway and WAN2 Gatway are different with differnent subnets but ISP is same.its mean DNS are same which makes no differance .

Still No Clue where i am wrong in configuring LoadBalancing.

Why my traffic goes to Default gateways rather than going from Ladbalcing (Group Gateway)???

farrukhndm

One thing that i miss to told you i am running Proxy Squid ,And i think squid always route traffic through Default gateway ?????

Here is another Thread that explain how to squid traffic load balancing

http://forum.pfsense.org/index.php/topic,33895.0.html

But still i am facing problem with error

Connection to Failed
The system returned:

(49) Can't assign requested address

Please please help me help me ..

Guest

To effectively double your speed, you would need to use BGP or something similar. I'm going through the process of setting this up where I work, we have a paired T1 line giving us 3mbps, and a single T1 @ 1.5mbps.

Pfsense has a BGP package, but I couldn't tell you how to set it up, we're relying on our ISP to configure this for us.

farrukhndm

Hi,
WanGw(Default)
OptGw()
Please get screen shots of My Pfsense 2.0 RC1 with Squid Load Balacing working , failover Work only when Non Defult GatewaysI(OptGw) in My Routes goes down.
When My Default Gateway(WANGw) goes down.My Internet Stop working ???? Any help.

Squid Still send its traffic to defult gateway ?????? is there any way to Fully working fail over if Default gateway goes down


eri--

just choose on squid loopback interface and modify your floating rule to say from 127.0.0.1/8 and not from WAN address without an interface selected.

farrukhndm

Browsing Strucked! after change given settings ????
i changed the rule
1)Squid on Loopback interface
2)Floating from 127.0.0.1/8
3)Firewall LAN Enabling Rule as in attached image
4)Firewall LAN Disabling Rule as in attached image


heper

also add a floating rule for dns …..

out tcp/udp dest_port 53  GW:loadbalance

farrukhndm

Don't affect,

If i only use  LoopBack interface in Squid ,browsing dosn't work,so i have to use Both LAN+Loopback. Also apply DNs Rule on Floating but no affect.

What i perceive now, No One can done Failover for Default Gateway !!! Am i right .

Where are the Pfsense Developers ??? they have placed feature of Load balancing .Please Guide us in how to achieve Failover +Squid

regards