[SOLVED] Outbound Load Balancing - Not Working

nutt318 · Jun 29, 2011, 8:36 PM

I've read the above sticky article about outbound load balancing and I thought to have set it up right, but it looks like I have something wrong.

I've got both of my WANs setup under System > Routing > Gateway Tab, I see my default wan interface (static IP) and also my WAN2 which is a private address from the office next doors internet.

Now to the Groups Tab, I created a new group called 'multiwan' and have both my isp WAN1 and office next door isp WAN2 both set to 'Teir 1', trigger level is set to 'Member Down'

Now Under Firewall > Rules > LAN Tab I changed the default rule '* - LAN net - * - * - * - multiwan - none.

So, everything works great but when I unplug WAN1 no internet, also the web gui for pfsense is super slow. I plugin WAN1 everything works great. Unplug WAN2, internet still worked.

Is there something I'm missing?

Current Version is 2.0-RC3, updated just a few hours ago.

Thanks.

spiritbreaker · Jun 29, 2011, 8:23 PM

Hi,

So, everything works great but when I unplug WAN1 no internet, also the web gui for pfsense is super slow

Thats because ur dns isnt working when pfsense checks for update.

What kind of wan connections u have?

Allow gateway switching.

cya

![System Advanced Miscellaneous.jpg](/public/imported_attachments/1/System Advanced Miscellaneous.jpg)
![System Advanced Miscellaneous.jpg_thumb](/public/imported_attachments/1/System Advanced Miscellaneous.jpg_thumb)

nutt318 · Jun 29, 2011, 8:35 PM

Thanks SpiritBreaker, the allow gateway switching did the trick!

the.it.dude · Jun 29, 2011, 11:58 PM

I think I'm having the same problem. Mind if I ask where in the GUI the "Allow Gateway Switching" setting is?

Thx

nutt318 · Jun 30, 2011, 12:02 AM

System > advanced > misc. Tab

the.it.dude · Jun 30, 2011, 1:22 PM

Ahh, Thanks for the pointer.

I think I found my problem. I had accidentally left the Gateway on "None" for my OPT1 interface.

However, should this option be enabled for outbound failover? It's not in the Sticky anywhere (that I noticed). Or will just having the Gateway group setup do the trick?

nutt318 · Jun 30, 2011, 1:57 PM

Which option?

After you have properly configured both of your interfaces then go to the System > Adavanced > Gateway Tab. If both interface gateways are no in there then you will need to add it. Also which ever is your primary internet connection have it set as your default gateway, 1 of them will have to be the default. Next go to the Groups Tab and setup a new group, Configure both gateways to be 'Teir 1' and your trigger level to whatever you'd like. Then go to Firewall > Rules > Lan Tab and edit the default allow LAN to any rule. On the rule you will want to set the gateway to the the gateway group you just configured.

Hope that helps.

the.it.dude · Jun 30, 2011, 4:06 PM

nutt,

That's exactly how I have it configured. Need to wait until the end of the day to actually pull the ethernet cable and test. I'm just wondering what the "Allow Gateway Switching" is needed for?

Thanks,

Jeff

nutt318 · Jun 30, 2011, 4:08 PM

Make sure the allow gateway switching is checked, this allows it to switch between which gateway is the active gateway. Thus allowing your internet connection to switch over to the other automatically.

the.it.dude · Jun 30, 2011, 4:49 PM

Shouldn't that be part of the above Sticky then?

nutt318 · Jun 30, 2011, 4:54 PM

Yes, I do agree. That is the missing part to the sticky.

jimp · Jul 5, 2011, 2:20 PM

That checkbox is not required, and will break some people's setups. There is a reason it was made an option and then disabled by default.

the.it.dude · Jul 5, 2011, 2:41 PM

Hmm,

Like Nutt, I had to enable that checkbox in order for failover to work. But, then it was still flaky until I went back and unchecked the Gateway Monitoring checkbox on the Misc. tab (I had originally checked that in order for the GUI to be responsive during initial config when I had the WAN disconnected).

Now that I said that, maybe I should test again with both the Gateway Switching unchecked and the Gateway Monitoring unchecked. (In other words, the default settings)

I'll post back with results.

Jeff

jimp · Jul 5, 2011, 2:53 PM

If checking that box made it work, then you must have missed some other bit (perhaps making sure you have a DNS server available on your second WAN).

http://doc.pfsense.org/index.php/Multi-WAN_2.0

the.it.dude · Jul 5, 2011, 3:06 PM

jimp,

That must be it. I have the OpenDNS servers listed with the Gateway set to None. Should I change them to WAN and then add the same ones again with the Gateway set to OPT1?

Thanks,

Jeff

jimp · Jul 5, 2011, 3:07 PM

Either that, or pick one for WAN, and one for your other WAN (see the DNS section of the page I linked)

the.it.dude · Jul 5, 2011, 7:57 PM

jimp,

That did the trick!

Reset misc. options to default and made sure DNS was set correctly for both WAN connections. Failover worked beautifully!

Thanks!

Jeff