4. Dual WAN Failover and Load Balancing not working

Dual WAN Failover and Load Balancing not working

  • B

    Hi All
    I set up pfsense, but my failover is not working and im not sure if my load balancing is working too. I have read some comments in the forum regarding failover, they are saying that wan failover only works if you have 2 same ISP's, Is this true? I also followed how to configure the load balancing pool, adding aliases and putting firewall rules. Can Anybody please help me on how this pfsense work.

    Thanks

    –Bernie

    Here is my set-up:

    LAN: 192.168.30.30

    WAN: 203.131.139.60
    WAN Gateway : 203.131.139.57

    OPT1 : 203.215.80.21
    OPT1 Gateway: 203.215.80.1

    pfsense version: 1.0.1-SNAPSHOT-03-15-2007

    Load Balancer: Pool

    Name                      Type      Servers/Gateways      Port    Monitor  Description

    WanBalanceOpt1    gateway(balance)        wan                            203.131.139.57  Load Balance Wan & Opt1
                                                              opt1                          203.215.80.1

    WanFailoverOpt1    gateway(failover)        wan                            203.131.139.57  Failover Wan to Opt1
                                                              opt1                          203.215.80.1

    Opt1FaioverWan    gateway(failover)        opt1                          203.215.80.1      Failover Opt1 to Wan
                                                              wan                            203.131.139.57

    0
  • S

    Please see http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

    0
  • B

    @sullrich:

    Please see http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

    Thanks, sullrich, i already followed this documentation for my setup, but when i try to test if the failover will work by turning off the power of dsl modem (WAN - my primary connection) it should failover to OPT1 - my secondary connection but it does not. Any ideas how can i fixed this problem.

    Lots of thanks again.

    –Bernie

    0
  • S

    Check your monitor IP.  It must be exclusive to the ISP of the opt interface or wan interface.

    0
  • B

    @sullrich:

    Check your monitor IP.  It must be exclusive to the ISP of the opt interface or wan interface.

    My monitor IP's are the gateways of my wan and opt1 connection, 203.131.139.57 & 203.215.80.1 respectively and they are both pingable on my pfsense firewall

    Thanks

    –Bernie

    0
  • H

    Does status>loadbalancer report all lines as up?

    0
  • B

    @hoba:

    Does status>loadbalancer report all lines as up?

    Yes the status load balancer reports lines are all up, i guess load balancing is OK, but my failover is not yet working, when i try to power off my wan modem it should failover to my opt1 connection, but it didn't.

    0
  • H

    I have the same problem - Load Balancing is working, but failover - not. The monitor IPs - they should be pingable only from the ISP interface, right. I mean if I choose worldwide pingable IPs - this can be a reason why my failover is not working (they will be pingable even if one host is down). So - no public IPs, right?

    0
  • H

    @h8r:

    I have the same problem - Load Balancing is working, but failover - not. The monitor IPs - they should be pingable only from the ISP interface, right. I mean if I choose worldwide pingable IPs - this can be a reason why my failover is not working (they will be pingable even if one host is down). So - no public IPs, right?

    We generate static routes behind the scenes for monitor IPs to ensure it goes out the right gateway so it will detect the link failure even if the monitor IP would be pingable from another WAN.

    0
  • S

    snapshot 27-feb-2007 , I found that changing the rules (moving them up or down, adding a rule) would get my load balancer to work in the morning after being switched off all night. It would take about 10 minutes to start  working fine….

    0
  • H

    This might be an issue with already established states. if you reset states after rearranging rules they will make use of the balancing immediately.

    0
  • S

    @hoba:

    This might be an issue with already established states. if you reset states after rearranging rules they will make use of the balancing immediately.

    1.0.1-SNAPSHOT-03-27-2007 built on Fri Apr 6 06:32:14 EDT 2007
    Can't be states because the machine was off for the night. When I turn it on http browsing works (though a bit slow) but ssl based email (smtp and pop, ports 465, 995) just does not work until I have messed around with the rules a bit by moving them up and down. ssl based traffic is on failover-load balancing.

    0
  • H

    Haven't seen that on any of my installs and also have not heard about it yet. However I recommend upgrading to the latest snasphot. I think your snapshot was released during the timebased rules have been implemented and during developement of this feature some things were temporarily broken. Try to reproduce this with the latest snapshot please.

    0
  • B

    @hoba:

    Haven't seen that on any of my installs and also have not heard about it yet. However I recommend upgrading to the latest snasphot. I think your snapshot was released during the timebased rules have been implemented and during developement of this feature some things were temporarily broken. Try to reproduce this with the latest snapshot please.

    Thanks, my load balancing and failover is working fine now, my fault is that my firewall rules got mixed-up and wrong order sequence, my monitor IP are also wrongly assigned. Thanks again more power to PFSENSE

    0
  • B

    Hi

    Could you tell me, what changes you have made.  I 'm also in the same problem

    Biju

    0
  • S

    @bijualapatt:

    Hi

    Could you tell me, what changes you have made.  I 'm also in the same problem

    Biju

    My problem was solved by upgrading to the latest snapshot.

    0
  • B

    @bijualapatt:

    Hi

    Could you tell me, what changes you have made.  I 'm also in the same problem

    Biju

    Yeah sure, just double-check your order sequence in LAN firewall rules, double check also your Monitor IP assigned (IP gateway provided by your ISP) and try using the latest snapshots version.

    Thanks

    0
  • B

    @bijualapatt:

    Hi

    Could you tell me, what changes you have made.  I 'm also in the same problem

    Biju

    try using this docs, there's a lot of screenshots that will help you here

    http://doc.pfsense.org/index.php/MultiWanVersion1.2

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy