Dual WAN + LoadBalancing + Fail over + Multiply Public IPs
-
I am looking to set up Load Balancing and I had some questions on the fail over as well as other questions. Is there anyway we can use load balancing but have it use one line more then the other? We have comcast and will soon have another faster internet but we have to pay based on packets usage (don't ask I don't know the details). We also have multiply Public IPs from this ISP. So we have one from comcast and lets say 6 from this new ISP. 1 is used for load balancing and the other 5 are for internet servers. How do I set up the other 5 to go to their correct server? Do I use NAT or something like that? Also, is it possible to use DHCP with load balancing? Comcast has us in DHCP, or do I have to reconfigure each time our IP changes (about every 6 months or so)? And finally the stupid question, in a load balance, if one line gos down will the other still run if it is in the load balance list and when the other is back up will it start using it again?
-
The balancing is roundrobin, so there is no weighting between different lines. This is currently not possible. Single lines that are down get excluded from the pool for as long as they are down and will be used again if they become available again. This doesn't affect other lines in the balancingpool. Other option for pools is to use failoverpools. It will use the most top in the list available link only. DHCP for Pools works with the latest snapshots though DHCP itself has some issues atm under some special conditions. We are working hard on fixing this. For the servers you set up Virtual IPs. These can then be natted to different hosts.
-
How would I set up a DHCP load balancing? All I can find are load balancing with static and one even says they have to be static. Right now out plan is to use our Cisco 806 router and make it act like a gateway so that the pfSense server gets a static and the gateway gets the DHCP from comcast.
-
They have to be static for 1.0.1 release, but with the new snasphots we changed this. You basically just configure the interfaces with dhcp and reference the interface name instead of an gateway IP with the pool. This way the gateways inside the pool will get rewritten on IP changes.
-
When does the new snapshot come out then? ;D
-
They are build hourly from the current code: http://snapshots.pfsense.com/FreeBSD6/RELENG_1/
-
Cool. Is it a firmware update or do I have to install that different? I was trying the firmware upload but it was saying:
The digital signature on this image is invalid.
This means that the image you uploaded is not an official/supported image and may lead to unexpected behavior or security compromises. Only install images that come from sources that you trust, and make sure that the image has not been tampered with.Do you want to install this image anyway (on your own risk)?
-
These images are not signed. just confirm that you want to apply the update. In case you have already pools set up edit them after applying the update, delete all poolmembers and readd them with the new logic.
-
Hi Hoba,
Do we still have to edit the pools? -
Only when going from a config that was generated with the old logic (manually entering gateway IPs) to the new snapshots with the different logic (referencing interface names).
-
A just had a thought. When setting up Dual WAN, don't you need to put both DNS IPs in to pfSense? If so, how and where? Also, is it possible to do a transparent proxy system with load balancing?
-
Transparent proxy won't work currently with loadbalancing, at least when using the squid package on pfSense itself. Only connections through the pfSense can be balanced. We are working on making the DNS setup easier currently but for the meanwhile you need the procedure with static routes that can be found numerous times here in the forum.
-
What if I am not using pfSense Squid pack? I have a Squid and Privoxy proxy server that is independent, but I would like to make it so they can't get around it. If they can bypass our proxy, they will do it and it means big trouble for us.
-
You can transparently redirect traffic back to your proxy and only allow the proxy to leave to the internet on port 80. These connections then can of course be balnced. This limitation only affects services that are run directly at the pfsense itself.
-
I am having trouble getting everything working now. My fiber line just got down so I am doing some testing. One NIC is plugged int the fiber gateway and the other is in my router for the other line (can't take the internet down). So I followed the load balancing in the documents but it doesn't seem to work right. it says both are down. The only changes are some of the names that were used. I can't figure out why it isn't working like it should.
I have cable with DHCP and a fiber line with Static. Both with different DNS servers. I will try and get some screen shots posted, but the screen shots in that document are almost the same as mine.
-
Make sure you do not use the same monitoring IP at both interfaces. monitoring IPs have to be unique.
-
They are different. One is looking at a router at 10.10.10.1 and the other is looking at the gateway at 64.20.192.185. So they are different. Also found out that my new line has some problems so it is down right now. Will adding DNS servers to the XML config and then uploading really work? And here is a screen shot of my static routes for the DNS, was wondering if I did it right as well as my rules. Getting alerts that something is wrong with one of them, the one that says LAN > WAN + WAN2. It is set up like the help doc for load balancing with fail over.
http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
-
The screenshots look valid to me. Make sure your monitor IPs are pingable and mapped to the correct interface. What exactly is the error message that you get? You can copy paste it from status>systemlogs.
-
It is a filter load rule error. I didn't see it in the log. It comes up in the alert window and it says the rule with description "LAN > WAN + WAN2" can't load. This rule is the second one in the list (the one with the bad circle around it). I also have one of my internet's hooked up to the system to get it going but the load balancer shows it off line and I am not sure why. I know the monitor IP is pingable and they are mapped right. My other concern is the DNS, did I set it up right? I also have one DNS from the 2 in the General Settings and the others are in th Static Routes.
-
Here is the error I get:
Acknowledge All .:. 03-01-07 09:32:43 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:138: syntax errorpfctl: Syntax error in config file: pf rules not loaded The line in question reads [138]: pass in quick on $lan route-to { ( fxp0 ) , ( fxp1 64.20.192.185 ) } round-robin from 192.168.1.0/24 to keep state label USER_RULE: LAN > WAN + WAN 2 .:.