Load balancing working, but failover on Opt1 not working

leimrod · Mar 30, 2007, 1:06 PM

Ok, i've got pfSense setup with loadbalancing, and its working great. I followed this tutorial: http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing and i'm using the latest snapshot

I've had one niggling problem that I haven't been able to solve.

What I have at the moment is that both incoming WAN connections are load balanced correctly, and that failover "half" works. When I disconnect my Opt1 connection, pfSense will successfully failover to the WAN connection only. But, when I disconnect the WAN connection it doesn't failover to the Opt1 connection.

My first inkling on this is that the settings I put in place in my "NAT>Outbound" (picture attached) section are incorrect, as they where put in place before I found the tutorial linked above. But when I remove them my internet connection goes down completely for both connections, so I left them in place. Should there be a need to have outbound nat rules? and would they affect failover at all?

My second inkling is that there is no DNS servers setup for Opt1, and it is using the ones set up for WAN. In "status>interfaces" the Opt1 connection will read as "up" when the WAN connection is disconnected. But there isn't any DNS servers assigned to it. Is there anyway to assign DNS servers to the Opt1 connection. I've also set the DNS servers in "general>setup>DNS servers"

Any opinions and help on this would be greatly appreciated.

leimrod · Apr 2, 2007, 10:41 AM

Nobody?

Can someone tell me if there is anyway to set the DNS for Opt1?

hoba · Apr 2, 2007, 10:42 AM

@leimrod:

Can someone tell me if there is anyway to set the DNS for Opt1?

Please search, this has been answered countless times already.

leimrod · Apr 2, 2007, 11:26 AM

I did a search, and I came up with the solutions i've already implemented.

I've gone to System>General Setup>DNS Servers and set the DNS servers here (one for WAN, and one for Opt1) i've also disabled "Allow DNS server list to be overridden…"

Do I need to set up any static routes pointing the appropriate DNS server to the Opt1 connection?

my main problem I think is that both WAN connections are from the same ISP and in such share the same DNS servers. In the failover rules i've set the monitor as each of the routers gateways. When WAN goes down, Opt1 still reads as "online" in status>load balancer but I lose internet access.

Is there a way of tieing only one of the DNS server addresses to each WAN connection?

hessie · Apr 2, 2007, 4:12 PM

I've got a similar setup and simply used DNS-Servers outside my net for monitoring..

If you get 2 DNS-IP's provided, simply use the first for GW1 and the second for GW2..

Example:
Provider assigns 123.123.123.1 as first NS and 123.123.123.2 as secondary NS..
Use 123.123.123.1 on WAN1
123.123.123.2 on WAN2

Just make sure they are "outside", not inside or accessing the routers.. Use Internet-IP's.

leimrod · Apr 2, 2007, 4:37 PM

I don't see how this would change anything, because, as far as I understand it, as long as the IPs are unique to each WAN connection then failover should work. Am I wrong in this assumption?

sullrich · Apr 2, 2007, 4:57 PM

In addition to needing 2 unique IP's of the ISP you need to create static routes to force the packets out the correct gateway. This has been covered in previous threads and in the load balancing docs @ doc.pfsense.com

leimrod · Apr 2, 2007, 5:01 PM

This is the load balancing doc you are refering to: http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

I've read through it numerous times and nowhere in it does it mention anything about static routes.

Could you just give me an example of how I should implement these static routes? Do I need to set one up for WAN and one for Opt1?

sullrich · Apr 2, 2007, 5:49 PM

Woops, scratch that. I forgot that we now add the static routes behind the scenes.

hoba · Apr 2, 2007, 5:54 PM

You only need a static route to the DNS-Server at OPT1. The DNS-Server at WAN is covered by the default gateway already. Make sure you use one DNS from WAN and one from OPT1 at system>general.

Oh, and btw, I already answered this question from you here: http://forum.pfsense.org/index.php/topic,3920.msg24880.html#msg24880 :P

leimrod · Apr 3, 2007, 10:55 AM

ok, thanks… thats working perfectly now with the static route set up to point Opt1 to the DNS server. Hoba, I think I got confused because later on in my original thread you told me to remove the static route, but this was because I had the DNS servers set up as my monitors.

All is working now perfectly.

It might be an idea to put a sticky at the top of this forum with the common questions that are asked (i.e. FTP access, failover, DNS setup...etc)

Or maybe add the detail about setting up a static route to the load balancer wiki?

hoba · Apr 3, 2007, 11:48 AM

@leimrod:

Or maybe add the detail about setting up a static route to the load balancer wiki?

I agree, we should add this to the doc and then create a new thread pointing to it and marking it sticky.

sai · Apr 5, 2007, 9:40 AM

I've added a paragraph "8.4 Setting up DNS for Load Balancing"
to http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

Hope it is understandable.

hoba · Apr 5, 2007, 11:13 AM

Thanks sai!

sullrich · Apr 6, 2007, 4:57 AM

Nice work, thanks!