Loadbalancing ok so?



  • HI all!

    After years … I came back to pfsense and now on 2.0 everything is a little bit different for me.

    I want a simple DualWan Setup with 1 Lan / Loadbalancing and Failover:

    What I made:



    I am not sure if the firewall rules I've created are OK for my setup.

    So does it look OK to you guys?

    And where do I find an example for a simple loadbalancing setup in pfsense 2.0, as I don't really understand what to do if I only
    read through texts as they are in the http://doc.pfsense.org/index.php/Multi-WAN_2.0 under "Firewall rules".

    Ok thanks for reading and helping!!!!

    Stev



  • Just looking from the pictures, your rules seem okay, but when wangw goes down https traffic can't go out; you could use sticky connections instead.
    And another thing, you're only having a tier1 setup (loadbalance) so you don't have failover.



  • But…

    Putting the fail-over issue to one side at the moment, does Loom's setup achieve balanced WAN distribution?

    Regards
    Axelson



  • @axelson:

    But…

    Putting the fail-over issue to one side at the moment, does Loom's setup achieve balanced WAN distribution?

    Regards
    Axelson

    Maybe Loom can answer that one, but when looking from the rules, it should work



  • HI!

    First of all thanks for your fast comments.

    I've enabled sticky connections under system – misc, but read in another thread in here to setup https rule for 1 Wan. So I can delete this and let sticky connections take the part? Right?

    I've checked this configuration with 1 line connected and the other connected to 1 modemrouter but with no internet and it worked as it should. Showed me opt1 is offline and I got my internet only through WAN (so failover or not)

    I thought in the new 2.0 setup 1 group is enough for loadbalancing and failover?

    or should I create a second and third group with:

    WAN - Tier1
    OPT1 - Never

    WAN - Never
    OPT1 - Tier1

    ????

    Or do I misunderstand that Tier thing? Which means the order of the Gateways if 1 or more fail.
    In my thoughts it is meant so:
    Example:  a 4 WAN Setup:
    WAN - Tier1
    OPT1 - Tier 1
    OPT2 - Tier 2
    OPT3 - Tier 3
    WAN and OPT1 loadbalance, if WAN or OPT1 fail it uses the not failed adapter and OPT2
    If all 3 go offline it uses OPT3.
    Am I right?

    Thanks for your patience :-)

    Stev



  • First: your loadbalancing group (balanced) is ok.
    Second: your firewall rule for https is wrong. Change source port to "any".
    Third: to have failover for https you have to create a second group with WAN1 = Tier1 and WAN2 = Tier2. Then use this group as gateway for https.
    Fourth: SYSTEM -> ADVANCED: there is in some tab "allow gateway switching". Enable this.

    Tier is the priority: GWs in the same tier are doing loadbalancing.

    If you have GroupA:
    GW1=Tier1
    GW2=Tier1
    GW3=Tier2

    Then GW1 and GW2 are doing loadbalancing. If GW1 is down, then traffic only uses GW2 which has the same Tier. If GW2 and GW1 are both down, then it switches over to GW3 which has a lower Tier.
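
The tier rule described in the post above, as an added example that is not part of the original thread and is not pfSense code: a small Python model of which gateways in a group carry traffic for a given set of offline gateways. `GROUP_A` mirrors the post; the two-WAN group names `BALANCED` and `HTTPS_FAILOVER` and the function names are assumptions made for this illustration.

```python
# Added illustration of gateway-group tiers; not pfSense source code.
# Gateway names come from the thread; group and function names are assumptions.

def active_gateways(group, down=()):
    """Return the gateways that carry traffic for a gateway group.

    group: dict of gateway name -> tier (1 is the highest priority);
           a member set to "Never" is simply left out of the dict.
    down:  names of gateways that monitoring currently marks offline.
    """
    up = {gw: tier for gw, tier in group.items() if gw not in down}
    if not up:
        return []                    # every member is down: no path via this group
    best = min(up.values())          # lowest tier number that still has a live member
    return sorted(gw for gw, tier in up.items() if tier == best)


def describe(group, down=()):
    """Human-readable summary of how the group behaves right now."""
    gws = active_gateways(group, down)
    if not gws:
        return "no gateway available"
    mode = "load balancing across" if len(gws) > 1 else "single path via"
    return f"{mode} {', '.join(gws)}"


# GroupA from the post: GW1 and GW2 share Tier 1, GW3 sits in Tier 2.
GROUP_A = {"GW1": 1, "GW2": 1, "GW3": 2}

# Two-WAN layout discussed in the thread (group names are assumptions).
BALANCED = {"WAN": 1, "OPT1": 1}          # general traffic: both WANs in Tier 1
HTTPS_FAILOVER = {"WAN": 1, "OPT1": 2}    # HTTPS rule: WAN first, OPT1 as backup

if __name__ == "__main__":
    for down in [(), ("GW1",), ("GW1", "GW2"), ("GW1", "GW2", "GW3")]:
        print(f"GroupA, down={down or 'none'}: {describe(GROUP_A, down)}")
    for down in [(), ("WAN",), ("OPT1",)]:
        print(f"down={down or 'none'}: general -> {describe(BALANCED, down)}; "
              f"https -> {describe(HTTPS_FAILOVER, down)}")
```

Running it prints, for each failure case, whether a group is balancing, running on a single path, or out of gateways, which makes it easy to check a planned tier layout before entering it in the GUI.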



  • Further you need different DNS for every WAN interface. (SYSTEM -> General Setup)

    WAN1 => DNS1 (e.g. 8.8.8.8)
    WAN2 => DNS2 (e.g. 8.8.4.4)



  • HI Nachtfalke,

    Thank you for your Reply!
    I will do everything as you mentioned tonight and upload again the pictures.

    Why same DNS?

    Had some tests before in Clearos I came back to Pfsense and there was a problem mentioned with the DNS:
    The DNS servers configured on the  system will be provided by one or both ISPs. In our example, we are going to assume that ISP #1 provides the DNS servers. If a DNS request from your network goes out the ISP #2 connection, it might get blocked by ISP #1. Result: DNS requests will only succeed on ISP #1.

    So same "openDNS" for each WAN should do the trick or not?

    Stev



  • At least every Gateway should have a working DNS. So if one DNS goes down there should be another DNS for the Gateway so it can resolve names and you can continue browsing.



  • HI Nachtfalke,

    Yes you are right.

    I am still using different DNS for each GW.

    Stev



  • @Nachtfalke:

    Further you need different DNS for every WAN interface. (SYSTEM -> General Setup)

    WAN1 => DNS1 (e.g. 8.8.8.8)
    WAN2 => DNS2 (e.g. 8.8.4.4)

    @loom:

    HI Nachtfalke,

    Yes you are right.

    I am still using different DNS for each GW.

    Good, that is a requirement.



  • So I made for my https following changes:

    created new failover gateway:

    gateway overview one for loadbalancing for all my traffic and the other failover for specific traffic needs which has trouble with multiwan connections:

    and edited the firewall rule for my https traffic:

    till now everything is working as it was before w/o pfsense :-)

    I am going to test this setup on weekend when I have 2 separate lines for myself.

    So far so good thanks to all and especially u Nachtfalke - u brought a little light to my mind about rules and failover things :-)
    Stev

