Newbie from India. Help on Triple WAN



  • Hi All!

    Firstly I need to thank you all for the most wonderful piece of software I have used lately. I never knew something of this magnitude could hit the open source scene. I am amazed.

    I came across pfSense while looking for information on hardware capable of bandwidth aggregation and was bowled over when I realised that pfSense could do things which I would otherwise only dream of in a hardware based solution due to cash constraints.

    Well this is my setup:

    I am running a private network of about 50 computers with a few ADSL lines. Currently I have 3 lines of 1Mbps/256kbps. Earlier (before pfSense), I was dividing the users on different subnets and assigning them different gateways and thus manually balancing the loads. Now that I have pfSense, I have put 6 NICs on a machine and have decided to let pfSense do the magic. I am successful to an extent but need some help for the failover and balancing part. Currently I have 3 WAN links but have applied for 2 more which will be added to this setup later (the 2 extra NICs will be put to use for this).

    My current setup:

    All the 3 ADSL lines are from the same ISP (its cheaper to get less capacity lines than to get 1 large capacity line in here :()

    The ISP does not assign static IPs. So I use PPPoE mode on the ADSL modems which have static private IPs and are connected to WAN ports on the pfSense machine.
    ISP DNS servers : 218.248.255.145 & 218.248.255.193.
    Additional Web Page maintained by ISP (for monitoring by pfSense) : 10.240.89.199.

    I have put the settings in LoadBalancer and created the Firewall Rules as per the attachments below.

    The load balancer status shows that all the 3 machines are online in GREEN and works well.

    However today morning I have an issue with the links and 2 routers failed. The LoadBalancer Status showed that 2 links (WAN and OPT2 had failed) and according to the pfSense status, my failover worked but in reality it did not. I could not browse on any site and even from the PING status I could not ping the monitoring IP of OPT2. This led me to realise that I had messed up somewhere but did not know where :(

    So I bring forward my queries to you all (and bore or irritate you :p)

    So guys please tell me where am I faulting and help me.

    Thanks in advance
    Sumit








  • bump  ???



  • hello people! please provide me with some answers  ???



  • this is sad. no one to help here?



  • Do you have static routes that point to the different DNS servers on the different links?
    Otherwise all DNS requests from the DNS forwarder go out the default WAN.
    If that link is down you no longer can resolve DNS requests.

    search the forum/howto's for more info on the problem of DNS and multiwan.



  • I have setup static routes for the dns servers but still the same. If you could please check my attached screens for the failover and loadbalancing and tell me if that is correct?



  • try use an external dns … not your isp dns.. something like opendns.org ... and leave unmarked option DNS override on Wan setup... in this way your dns request always go to external ... and clients will resolve names .. . and browsing automagicaly works ...



  • I am using opendns but to no avail. I have tried disabling the 3rd WAN and things work well. The trouble starts when the 3rd WAN is added and the 1st WAN port fails. Please check the attached screens in the 1st post and guide me.



  • i had an situation like yours in the past ..
    i am not wrong  i did  the following

    on load balance the 3 links was there like yours

    but on failovers i did
    Failover1  Wan1 -> WAN2
    Failover2  Wan2 -> Wan3
    Failover3  Wan3 -> Wan1

    give a try



  • Thanks! It works!

    So basically in the failover pool, I always use 2 interfaces in a circle, eg. wan1-wan2. wan2-wan3, wan3-wan4, wan4-wan1

    I will bet getting 2 more ISP links next week or so. I will try this then. Till then, I will test this now :D

    Thanks a ton once again  :-*


Log in to reply