Multiwan browsing and gaming



  • I've set up my pfSense 2.0rc3 multiwan (2 DSL lines) as load balance (both tier1) and I would like to separate gaming and browsing to prevent lag in games if someone downloads or uses multiple video streams.
    gaming=dsl1
    browsing=dsl2

    In my rules, ports 80 and 443 (the ports for browsing) are assigned to dsl1 and all others are assigned to dsl2. My problem is that when I tried to check my WAN IP using whats my ip.com to see if browsing really goes to dsl1 only, after a series of page refreshes the WAN IP changes between dsl1 and dsl2. Does that mean my rules are not correct?



  • IMHO, load balancing is not the solution to your problem. A more appropriate one is failover.
    Create a group like failover1 where wan1 is in tier1 and wan2 is in tier2.
    Then create another group where wan1 is in tier2 and wan2 is in tier1.

    Then in your LAN rules:

    TCP   LAN net   *   *   browsingports   failover2   prioritize http on dsl2, only goes to dsl1 if dsl2 is triggered by high latency, packet loss or member down.
    *     LAN net   *   *   *               failover1   prioritize gaming on dsl1, only goes to dsl2 if dsl1 is triggered by high latency, packet loss or member down.

    browsingports is an alias with ports 80 and 443.

    I found out that it is not possible with the above suggested setup because I can't use the alias of ports in the LAN rule. We have almost the same requirement, although yours is to separate browsing and gaming; mine, on the other hand, is browsing and non-browsing during office hours. So what I did is:
                                                                                                      Schedule
    TCP  LAN net  *  *  80 (HTTP)  WAN1          none  WorkingHours
    TCP  LAN net  *  *  443 (HTTPS)  WAN1        none  WorkingHours 
    *  LAN net  *  *  *                  WAN2          none  WorkingHours 
    *  LAN net  *  *  *                  LoadBalance  none                            Default allow LAN to any rule with Load Balance



  • I did what you are doing, kind of. But you should make it failover, not load balancing.
    I just created lan rules for which games and browsing.
    By that I mean all data goes through the first one.
    Except you add a lan rule in the lan part of the firewall so like on port 27015 you add a new rule, and then on the gateway part way down you set it to your second modem.
    I do this, it works nice.

    Here's a picture
    this is the lan tab on firewall



  • Here are my rules, are they correct?



  • @jigglywiggly:

    I did what you are doing, kind of. But you should make it failover, not load balancing.
    I just created lan rules for which games and browsing.
    By that I mean all data goes through the first one.
    Except you add a lan rule in the lan part of the firewall so like on port 27015 you add a new rule, and then on the gateway part way down you set it to your second modem.
    I do this, it works nice.

    Here's a picture
    this is the lan tab on firewall

    When I set it to failover, tier1 (dsl1) and tier2 (dsl2), games are laggy.



  • @jikjik101:

    IMHO, load balancing is not the solution to your problem. A more appropriate one is failover.
    Create a group like failover1 where wan1 is in tier1 and wan2 is in tier2.
    Then create another group where wan1 is in tier2 and wan2 is in tier1.

    Then in your LAN rules:

    TCP   LAN net   *   *   browsingports   failover2   prioritize http on dsl2, only goes to dsl1 if dsl2 is triggered by high latency, packet loss or member down.
    *     LAN net   *   *   *               failover1   prioritize gaming on dsl1, only goes to dsl2 if dsl1 is triggered by high latency, packet loss or member down.

    browsingports is an alias with ports 80 and 443.

    I found out that it is not possible with the above suggested setup because I can't use the alias of ports in the LAN rule. We have almost the same requirement, although yours is to separate browsing and gaming; mine, on the other hand, is browsing and non-browsing during office hours. So what I did is:
                                                                                                      Schedule
    TCP  LAN net  *  *  80 (HTTP)  WAN1          none  WorkingHours
    TCP  LAN net  *  *  443 (HTTPS)  WAN1         none  WorkingHours 
    *  LAN net  *  *  *                   WAN2          none  WorkingHours 
    *  LAN net  *  *  *                  LoadBalance  none                            Default allow LAN to any rule with Load Balance

    Are you using 1.2.3?



  • @xtreme698866:

    Here are my rules, are they correct?

    Your rules seem to be OK, but you could use a port alias for browsing; then you can assign ports 80 and 443, no need to open anything between 80-443.



  • @Metu69salemi:

    @xtreme698866:

    Here are my rules, are they correct?

    Your rules seem to be OK, but you could use a port alias for browsing; then you can assign ports 80 and 443, no need to open anything between 80-443.

    This is where the port 80-443 came from; I selected HTTP and HTTPS…


  • Netgate Administrator

    You have selected every port between 80 and 443, not just 80 and 443; that's probably where your problems come from.

    If you aren't using load balancing at all, and you don't seem to be, there is no point having a load balancing gateway set up at all. This would just put more overhead on pfSense.

    You are just using policy based routing.

    Steve
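
Added example (not part of any post in the thread, and not pfSense code): a small first-match simulation of the two LAN rule sets discussed above, showing which TCP destination ports a 80-443 range sends to the browsing line compared with an alias holding only 80 and 443. The `Rule` model and function names are hypothetical; the gateway names dsl1 (gaming) and dsl2 (browsing) follow the first post.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str         # "tcp", "udp" or "*" for any protocol
    ports: frozenset   # destination ports matched; empty set means any port
    gateway: str       # gateway chosen when the rule matches


def port_range(lo, hi):
    """Ports lo..hi inclusive, i.e. what a from/to range in a rule covers."""
    return frozenset(range(lo, hi + 1))


def route(rules, proto, dport):
    """Evaluate rules top to bottom; the first match decides the gateway."""
    for rule in rules:
        if rule.proto not in ("*", proto):
            continue
        if rule.ports and dport not in rule.ports:
            continue
        return rule.gateway
    return None  # nothing matched


# Rule set with "from HTTP to HTTPS" selected as the destination port range.
RANGE_RULES = [
    Rule("tcp", port_range(80, 443), "dsl2"),
    Rule("*", frozenset(), "dsl1"),
]

# Rule set using an alias that contains only the two browsing ports.
ALIAS_RULES = [
    Rule("tcp", frozenset({80, 443}), "dsl2"),
    Rule("*", frozenset(), "dsl1"),
]


def misrouted(rules, intended=frozenset({80, 443})):
    """TCP ports sent to the browsing line that are not browsing ports."""
    return sorted(
        p for p in range(1, 65536)
        if route(rules, "tcp", p) == "dsl2" and p not in intended
    )


if __name__ == "__main__":
    print("range rule, extra ports on dsl2:", len(misrouted(RANGE_RULES)))
    print("alias rule, extra ports on dsl2:", len(misrouted(ALIAS_RULES)))
    print("tcp/143 via range rule:", route(RANGE_RULES, "tcp", 143))
    print("tcp/143 via alias rule:", route(ALIAS_RULES, "tcp", 143))
```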



  • I'm using 2.0RC3. Actually, I would like to correct my last post. You can use port aliasing.

    Create an alias for web browsing ports (80 and 443).
    Then, as metu69salemi said, use the port alias for 80 and 443 only. You can only use the port alias if you select "OTHERS" instead of http or https.

    @Metu69salemi:

    @xtreme698866:

    Here are my rules, are they correct?

    Your rules seem to be OK, but you could use a port alias for browsing; then you can assign ports 80 and 443, no need to open anything between 80-443.



  • Change my pfSense to failover (tier1 and tier2) and fix my port range; hope that will fix my failover problem… thanks