Trouble with Dual WAN
-
I am using the .92 release and can't seem to get load balancing to work. I have 2 cable modems from the same ISP (both DHCP). They are connected to the WAN and OPT1 ports. I have followed the wiki tutorials here http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing and here http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing. Could someone please explain the setup for this in a little more detail. I would like to load balance everything on my network (all ports in and out for about 6 computers). Please help, this is driving me crazy. ???
-Thanks
-
The loadbalancer only works with static gateway entries. If you have bridged cablemodems with dynamic IPs it won't work for you unless you do something to "fake" static IPs and static gateway on WAN. You could do so by using modem routers instead of modems only and use these then as static wan gateways to loadbalance to those (check your devices, maybe they can be set to routingmode instead of bridge as well). If these routers in front have a setting for DMZ you can enter the pfsense's WAN IPs there. By doing so the WAN-traffic hit's the pfsense unfiltered and you can firewall and forward everything at the pfsense without touching the routers in front after they are once in place. I know some configs that use it this way.
ASCII Mockup:
DHCP-WAN1–------WAN/Modemrouter1/LAN---------------WAN
pfSense--------LAN
DHCP-WAN2--------WAN/Modemrouter2/LAN----------OPT-WAN/The only thing you can't do this way is use dyndns at the pfsense but our dyndns support doesn't support multiple wan atm anyway. This would have to be done at the Modemrouters in front or by a host in your LAN with the approprriate rule to map these requests to a specified WAN.
With it set up this way try to use the wiki for outgoing loadbalancing again. You won't need incoming loadbalancing unless you have a serverpool running services for the public (which you don't do if I have understood you correctly).
-
Actually, I think dual wan w/ two dynamics are supposed to work. However, if BOTH gateways are the same IP address, it will NOT load balance.
–Bill
-
Actually, I think dual wan w/ two dynamics are supposed to work. However, if BOTH gateways are the same IP address, it will NOT load balance.
–Bill
OK, it's been pointed out that I didn't read the original post well enough. Dual WAN will work (as long as there really are two distinct gateway addresses), load balancing (using gateway pools) however will not work. It's a useful feature however and I could see adding it sometime after 1.0.
–Bill
-
Actually, I think dual wan w/ two dynamics are supposed to work. However, if BOTH gateways are the same IP address, it will NOT load balance.
–Bill
OK, it's been pointed out that I didn't read the original post well enough. Dual WAN will work (as long as there really are two distinct gateway addresses), load balancing (using gateway pools) however will not work. It's a useful feature however and I could see adding it sometime after 1.0.
–Bill
So are you saying that using dual WAN and/or load balancing from the same ISP will not work as of .92 unless the ISP's gateway address on both the modems is not the same?
-
Actually, I think dual wan w/ two dynamics are supposed to work. However, if BOTH gateways are the same IP address, it will NOT load balance.
–Bill
OK, it's been pointed out that I didn't read the original post well enough. Dual WAN will work (as long as there really are two distinct gateway addresses), load balancing (using gateway pools) however will not work. It's a useful feature however and I could see adding it sometime after 1.0.
–Bill
So are you saying that using dual WAN and/or load balancing from the same ISP will not work as of .92 unless the ISP's gateway address on both the modems is not the same?
Right. I doubt it'll ever work - we don't hook into the kernel at that level and probably never will (we'll see). The easy solution if both upstream gateways have the same IP address is to drop a box in between the load balancer and one of the gateways, thus changing the upstream address. It's a hack, but it will work - although again, we don't currently allow dynamically assigned gateways into the gateway pool which means load balancing won't work (manually assigning traffic to gateways will still work though allowing for a personalized load sharing ;)).
–Bill
-
Thank you very much for answering my questions billm. I'll try sticking 2 routers inbetween the modems and the pfsense box. I'll let you know how everything works out. ;D