Multi ISP Inbound Traffic



  • Hi everyone!

    I hope someone can answer my question. I'm planning a new hardware firewall with pfSense 2.0.2, and before I spend the money for the mission, I'd like to know if my design will work.

    I have two different ISPs (different address ranges) and I want to realize inbound load balancing. The plan is to add in DNS a second IP to an A host entry.
    The plan is to reach an internal webserver via pfSense. Now the question: how will the routing work?
    For example, a packet enters the firewall via ISP1, the request is routed to the internal webserver, the request flows back to the firewall - will the firewall transfer the packet back to the correct ISP from where the packet was coming?

    Or do I have a very wrong view of routing :-) ….

    Greetings
    David


  • Rebel Alliance Developer Netgate

    [Please don't post the same message to multiple boards, I removed your duplicate post in the general questions board]

    You are correct in how that routing will work. So long as you have the WANs properly configured (with a gateway defined/selected) then if a connection comes in WAN1, it will go back out WAN1. If it comes in WAN2, it will go back out WAN2.



  • Thanx for the reply :-)

    That's a good answer - is there a detailed configuration guide available or just trial and error :) ?
    Do you know in which way the DNS server will answer the request? My plan is to simply add a second IP address entry for the existing domain name. Will DNS always respond with the first IP entry or will there be a round robin mechanism?

    Is there a "quick&dirtyHowTo" for my configuration wishes available?
    Greetings
    David


  • Rebel Alliance Developer Netgate

    There isn't any specific guide that I know of.
    There isn't much to it on the firewall though, just set up both WANs, add the port forward/NAT bits and you're done.

    DNS is a bit trickier, but that's usually set to either return both records, or return them individually in a round-robin, but either way that's up to you and your DNS and not pfSense.
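
Added example, not part of any post in this thread and not pfSense's own generated ruleset: a pf.conf fragment showing the two port forwards and the `reply-to` option that pf uses to send replies back out the WAN a connection arrived on. Interface names, gateways and addresses are constructed (documentation ranges), not values from the thread.

```pf
# Constructed values (RFC 5737 documentation ranges), hypothetical interfaces.
# ISP1: interface, public address (first A record), upstream gateway
wan1_if = "em0"
wan1_ip = "198.51.100.10"
wan1_gw = "198.51.100.1"
# ISP2: interface, public address (second A record), upstream gateway
wan2_if = "em1"
wan2_ip = "203.0.113.10"
wan2_gw = "203.0.113.1"
# Internal web server behind the firewall
web = "192.168.1.10"

# Port forwards: one per WAN, both pointing at the same internal server.
rdr on $wan1_if inet proto tcp from any to $wan1_ip port 80 -> $web port 80
rdr on $wan2_if inet proto tcp from any to $wan2_ip port 80 -> $web port 80

# Pass rules for the forwarded traffic. reply-to is recorded in the state
# entry, so return packets for a connection leave through the interface and
# gateway it arrived on, regardless of which WAN holds the default route.
pass in quick on $wan1_if reply-to ($wan1_if $wan1_gw) inet proto tcp \
    from any to $web port 80 flags S/SA keep state
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto tcp \
    from any to $web port 80 flags S/SA keep state
```

On a running firewall, `pfctl -sr` lists the loaded rules, so you can confirm that the pass rules on each WAN carry a `reply-to` for that WAN's gateway; a WAN with no gateway selected gets none, and its replies follow the default route instead.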



    Thank you for the information :)

    I will try it out and I'll see what happens :)

    Again, thanx for the fast response

    Greetings David



    I have one doubt. I have configured multiple inbound connections.
    Now, what about the DDNS configured on the pfSense firewall, which IP will it send to the DDNS server?
    The most reachable?


  • Rebel Alliance Developer Netgate

    It will send the DDNS update on whichever interface you configure it to happen.

    On 2.1 you can select a failover gateway group (one gateway per tier) as the 'interface' for DynDNS so it will send whichever WAN is both up and preferred (e.g. WAN, but if WAN goes down, WAN2, etc.).