Netgate Discussion Forum

    Loadbalancing ok so?

    Routing and Multi WAN

      loom

      Hi all!

      After years … I came back to pfSense, and now on 2.0 everything is a little bit different for me.  ???

      I want a simple DualWan Setup with 1 Lan / Loadbalancing and Failover:

      What I made:


      –-

      –-

      I am not sure if the firewall rules I've created are OK for my setup.

      So does it look OK to you guys?

      And where do I find an example of a simple loadbalancing setup in pfSense 2.0? I don't really understand what to do if I only read through texts like the ones at http://doc.pfsense.org/index.php/Multi-WAN_2.0 under "Firewall rules".

      Ok thanks for reading and helping!!!!

      Stev

        Metu69salemi

        Just looking at the pictures, your rules seem okay, but when wangw goes down, https traffic can't go out; you could use sticky connections instead.
        And another thing: you only have a tier1 setup (loadbalance), so you don't have failover.

          axelson

          But…

          Putting the fail-over issue to one side at the moment, does Loom's setup achieve balanced WAN distribution?

          Regards
          Axelson

            Metu69salemi

            @axelson:

            But…

            Putting the fail-over issue to one side at the moment, does Loom's setup achieve balanced WAN distribution?

            Regards
            Axelson

            Maybe Loom can answer that one, but looking at the rules, it should work.

              loom

              Hi!

              First of all, thanks for your fast comments.

              I've enabled sticky connections under system – misc, but I read in another thread here to set up an https rule for 1 WAN. So can I delete this and let sticky connections take over that part? Right?

              I've checked this configuration with 1 line connected and the other connected to 1 modem router but with no internet, and it worked as it should. It showed me opt1 is offline and I got my internet only through WAN (so failover  ??? or not).

              I thought in the new 2.0 setup 1 group is enough for loadbalancing and failover?

              or should I create a second and third group with:

              WAN - Tier1
              OPT1 - Never

              WAN - Never
              OPT1 - Tier1

              ????

              Or do I misunderstand that Tier thing, which means the order of the gateways if 1 or more fail?
              In my thoughts it is meant like this:
              Example: a 4 WAN setup:
              WAN - Tier1
              OPT1 - Tier 1
              OPT2 - Tier 2
              OPT3 - Tier 3
              WAN and OPT1 loadbalance; if WAN or OPT1 fails, it uses the adapter that has not failed and OPT2.
              If all 3 go offline, it uses OPT3.
              Am I right?

              Thanks for your patience :-)

              Stev

                Nachtfalke

                First: your loadbalancing group (balanced) is OK.
                Second: your firewall rule for https is wrong. Change the source port to "any".
                Third: to have failover for https you have to create a second group with WAN1 = Tier1 and WAN2 = Tier2. Then use this group as the gateway for https.
                Fourth: SYSTEM -> ADVANCED: in one of the tabs there is "allow gateway switching". Enable this.

                Tier is the priority: GWs in the same tier are doing loadbalancing.

                If you have GroupA:
                GW1=Tier1
                GW2=Tier1
                GW3=Tier2

                Then GW1 and GW2 are doing loadbalancing. If GW1 is down, then traffic only uses GW2, which has the same Tier. If GW2 and GW1 are both down, then it switches over to GW3, which has a lower Tier.

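The tier behaviour described in the post above, as an added Python model (not part of any post and not pfSense code). The function names are hypothetical; the group layouts are the ones mentioned in the thread, and "online" stands for whatever gateway monitoring reports.

```python
# Added illustration: tier selection inside a gateway group, as described in the thread.
# Gateway names and group layouts come from the posts; function names are hypothetical.
NEVER = None  # member set to "Never": not part of the group


def active_gateways(group, online):
    """Return the gateways that carry traffic for `group` right now.

    group:  dict of gateway name -> tier number (1 = highest priority) or NEVER
    online: set of gateway names that monitoring currently reports as up
    """
    by_tier = {}
    for gw, tier in group.items():
        if tier is NEVER or gw not in online:
            continue  # excluded members and down gateways never carry traffic
        by_tier.setdefault(tier, []).append(gw)
    if not by_tier:
        return []  # every member is down: nothing to route through
    # Only the best tier that still has a live member is used;
    # its live members share the load, lower tiers stay idle.
    return sorted(by_tier[min(by_tier)])


def mode(group, online):
    """Classify the group's current behaviour."""
    active = active_gateways(group, online)
    if not active:
        return "down"
    return "loadbalance" if len(active) > 1 else "single gateway"


GROUP_A = {"GW1": 1, "GW2": 1, "GW3": 2}                # GroupA from the post above
BALANCED = {"WAN": 1, "OPT1": 1}                        # group for general traffic
HTTPS_FAILOVER = {"WAN": 1, "OPT1": 2}                  # second group for the https rule
FOUR_WAN = {"WAN": 1, "OPT1": 1, "OPT2": 2, "OPT3": 3}  # loom's 4 WAN layout

if __name__ == "__main__":
    cases = [
        ("GroupA, all up", GROUP_A, {"GW1", "GW2", "GW3"}),
        ("GroupA, GW1 down", GROUP_A, {"GW2", "GW3"}),
        ("GroupA, GW1+GW2 down", GROUP_A, {"GW3"}),
        ("https failover, WAN down", HTTPS_FAILOVER, {"OPT1"}),
        ("4 WAN, WAN down", FOUR_WAN, {"OPT1", "OPT2", "OPT3"}),
    ]
    for label, group, online in cases:
        print(f"{label:26} -> {active_gateways(group, online)} ({mode(group, online)})")
```

Under this model, the 4 WAN layout with WAN down leaves only OPT1 active; OPT2 stays idle until both Tier 1 gateways are down.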
                  Nachtfalke

                  Further you need different DNS for every WAN interface. (SYSTEM -> General Setup)

                  WAN1 => DNS1 (e.g. 8.8.8.8)
                  WAN2 => DNS2 (e.g. 8.8.4.4)

                    loom

                    Hi Nachtfalke,

                    Thank you for your reply!
                    I will do everything as you mentioned tonight and upload the pictures again.

                    Why same DNS?

                    I did some tests in ClearOS before I came back to pfSense, and there was a problem mentioned with the DNS:
                    The DNS servers configured on the system will be provided by one or both ISPs. In our example, we are going to assume that ISP #1 provides the DNS servers. If a DNS request from your network goes out the ISP #2 connection, it might get blocked by ISP #1. Result: DNS requests will only succeed on ISP #1.

                    So same "openDNS" for each WAN should do the trick or not?

                    Stev

                      Nachtfalke

                      At least every Gateway should have a working DNS. So if one DNS goes down there should be another DNS for the Gateway so it can resolve names and you can continue browsing.

                        loom

                        Hi Nachtfalke,

                        Yes you are right.

                        I am still using different DNS for each GW.

                        Stev

                          Metu69salemi

                          @Nachtfalke:

                          Further you need different DNS for every WAN interface. (SYSTEM -> General Setup)

                          WAN1 => DNS1 (e.g. 8.8.8.8)
                          WAN2 => DNS2 (e.g. 8.8.4.4)

                          @loom:

                          HI Nachtfalke,

                          Yes you are right.

                          I am still using different DNS for each GW.

                          Good, that is a requirement.

                            loom

                            So I made the following changes for my https:

                            Created a new failover gateway:

                            Gateway overview: one for loadbalancing for all my traffic, and the other a failover for specific traffic that has trouble with multi-WAN connections:

                            And edited the firewall rule for my https traffic:

                            Until now everything is working as it was before w/o pfSense :-)

                            I am going to test this setup on the weekend, when I have 2 separate lines for myself.

                            So far so good. Thanks to all and especially u Nachtfalke - u brought a little light to my mind about rules and failover things :-)
                            Stev
