MultiWAN with websites that require visitors to maintain same IP



  • What is your preferred way to deal with websites that don't tolerate the visitor switching IPs (e.g. Hotmail, read more at http://eu.squid-cache.org/KnowledgeBase/Hotmail), while still more or less balancing traffic to those websites over multiple WAN links?

    My idea was to break up the LAN net into many small subnets, group them alternately, and load them into pfSense alias tables.

    E.g. one can break up a /24 local network into two (for dual WAN) groups, each consisting of several /29s:

    group1
    10.1.1.0/29
    10.1.1.16/29
    10.1.1.32/29
    10.1.1.48/29
    10.1.1.64/29

    group2
    10.1.1.8/29
    10.1.1.24/29
    10.1.1.40/29
    10.1.1.56/29
    10.1.1.72/29

    and finally do policy routing of http/https traffic from source IPs in group1 and group2 to destination IPs of Hotmail via WAN1 or WAN2 respectively.
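
The grouping described in the post above, as an added example that is not part of the original thread: it deals the /29s of the LAN round-robin into one alias list per WAN link and reports which link a given client would be pinned to. It goes beyond the post by covering the whole /24 and any number of WAN links; the function names and the sample client range are assumptions made for illustration.

```python
import ipaddress
from collections import Counter


def split_into_groups(lan, new_prefix, wan_count):
    """Deal the LAN's subnets round-robin into one group per WAN link."""
    net = ipaddress.ip_network(lan)
    groups = [[] for _ in range(wan_count)]
    for i, subnet in enumerate(net.subnets(new_prefix=new_prefix)):
        groups[i % wan_count].append(subnet)
    return groups


def wan_for(client, groups):
    """Return the 1-based WAN index a source IP is pinned to, or None."""
    addr = ipaddress.ip_address(client)
    for idx, group in enumerate(groups, start=1):
        if any(addr in subnet for subnet in group):
            return idx
    return None  # source is outside the LAN, no policy route applies


def distribution(clients, groups):
    """Count how many of the given clients land on each WAN link."""
    return Counter(wan_for(c, groups) for c in clients)


def alias_text(group):
    """One CIDR per line, ready to paste into an alias definition."""
    return "\n".join(str(subnet) for subnet in group)


if __name__ == "__main__":
    groups = split_into_groups("10.1.1.0/24", 29, 2)
    for n, group in enumerate(groups, start=1):
        print(f"group{n}\n{alias_text(group)}\n")
    # Constructed sample: hosts leased sequentially from .10 to .40
    clients = [f"10.1.1.{h}" for h in range(10, 41)]
    print(dict(distribution(clients, groups)))
```

Because each client's source address always falls in the same group, the site sees one WAN address per client, while sequentially assigned clients still spread almost evenly across the links.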


  • Rebel Alliance

    Have you tested with "Sticky connections" enabled?



  • I'm not quite sure that the sticky option would work for Hotmail (http is stateless), since according to OpenBSD's pf FAQ:

    This "sticky connection" will exist as long as there are states that refer to this connection. Once the states expire, so will the sticky connection. Further connections from that host will be redirected to the next web server in the round robin.

    I also am still unclear about the status of the "sticky" feature, since until recently there were reports of problems, and 148290 is still listed as unresolved in the Current problem reports assigned to freebsd-pf@FreeBSD.org.

