Pool, ponds and other Sticky stuff

  • Hello all
    First off thanks to all who have created or contributed to pfsense being what it is
    and also much thanks to those who provide support on this forum it has been a wealth of info for me
    I have been lurking for quite sometime here
    but until now I have always found the info I needed searching the forums
    and didn't need to post for assistance

    But I am having some difficulties getting the multi wan load balancing to work correctly (understatement of the year lol!)

    Anyways I have followed the MultiWAN 1.2 guide and had no success with it at all
    but after some self experimenting with my own rules I am pretty sure I have it now using both wans
    as the graphs from the dashboard does show almost equal traffic on both pipes anyways
    but I am getting alot of time outs and page not founds which would on
    the surface appears to be dns problems but I suspect it is more likely do to the sticky connections setting
    as some other posts refer to it as being an issue

    But in my case sticky connections is no longer even a listed option  ::)
    In the system advanced tab under load balancing there is a save button but nothing else
    the tic box and description for stickies is gone but it was there before
    any ideas on that one I am using version 1.2-RC4

    Also my rules look nothing like some of the examples I have seen …go figure lol!

    My load balance pool for example is simply wan and opt1 (wan2)
    with no failover pools oddly though if I unplug one connection
    it does seem to failover to the other connection regardless

    I would say my setup is pretty basic really I have 2 x 6 meg DSL connections both with static IPs
    unfortunately though I have had to use the second dsl modems internal pppoe connection interface
    to make wan 2's pppoe connection work which gives wan 2 a address on pfsense

    Which is currently not a big deal but since
    There is a one pppoe connection limit on the wans in pfsense
    is there anyway to have more than one pppoe connection ?
    I would eventually like to add a third WAN line but with both the dsl modems I have
    it seems I cannot change the modems internal Ip address of
    which then means that any others I might add would also have the same WAN gateway Ip
    (which i have read wouldnt work at all)

    Anyways I would greatly appreciate any assistance anyone would be willing to provide as to
    how to actually configure this and have it perform well
    there is no doubt in my mind that pfsense functions just fine and my settings are likely all wrong :(

    Could someone provide a configuration example for me to muddle my way through

    Thanks & Best Regards


  • did you set up static routes for the ISP DNS servers? why dont you post your settings so that we can see what has been done?

  • Hello sai

    thanks for the reply
    Nope I didn't see anything in the MultiWanVersion1.2 guide
    that refers to having to create any static routes :(
    I also don't have the DMZ 1 & 2 that they show as
    it was unclear to me where to put that info so I ignored it
    (I thought it was actually meant to be put into the dsl modems settings somewhere
    which isn't even an option in my case)

    because the sticky connections is completely missing from my menu
    I am thinking that the pf box has gotten borked and probably related to
    squid …I had tested running squid before and found it actually seemed to slow things
    down so I uninstalled it
    but I have read numerous posts on issues with squid

    I am expecting to do a complete reinstall of pf on this box
    but would really appreciate some form of definitive guide on the steps necessary
    to set it up properly for a relative newbie to this
    it is rather unclear imho

    I will try and create an outline of the steps I am following
    if someone can make corrections
    to my posts hopefully I will get it right for any others who need the help
    after is functional I would be happy to post some screen shots for others
    as I think screenies may help us newbs more than anything

    1. In my case my dls modems offer no method to change any settings so
      wan is set to pppoe and opt1(wan2) is set to DHCP and wan2s connection
      shows up as gateway and gives pf a 192.168.2.x address

    2. pfSense general settings

    Primary DNS server
    Secondary DNS server
    (both my dsl lines us the same DNS servers but have different gateway ips)
    Allow DNS server list to be overridden by DHCP/PPP on WAN is Unchecked

    1. Under  Services' - 'DNS Forwarder', on
      Register DHCP leases in DNS forwarder on
      Register DHCP static mappings in DNS forwarder on

    2. Interfaces - OPT1
      enable Optional 1 interface checked
      Type DHCP
      Bridge with None
      IP address None (would it be best to assign it a static of say

    3. Setting Pools 
      name LoadBalance
      description LoadBalance
      Type Gateway
      Behavior Load Balancing
      Port Unused
      1st Monitor IP DNS server
      1st Interface name WAN
      2nd Monitor IP DNS server
      2nd Interface name WAN 2

    name WAN1FailsToWAN2
    description WAN1FailsToWAN2
    Type Gateway
    Behavior Failover
    Port Unused
    1st Monitor IP DNS server
    1st Interface name WAN2
    2nd Monitor IP DNS server
    2nd Interface name WAN

    name WAN2FailsToWAN1
    description WAN2FailsToWAN1
    Type Gateway
    Behavior Failover
    Port Unused
    1st Monitor IP DNS server
    1st Interface name WAN
    2nd Monitor IP DNS server
    2nd Interface name WAN2

    1. Sticky Connections unshure to enable or not lol!

    2. Firewall Rules
      Rule Load Balance
      Position in rule list Last
      Action Pass
      Disabled Unchecked
      Interface LAN
      Protocol any
      Source LAN subnet
      Source OS any
      Destination any
      Log no
      Schedule none
      Gateway LoadBalance
      Description Everything else gets shared out

    (I suspect there should also be two other rules allowing all
    traffic for each wan pipe
    an eaxmple with my addresses would be helpful and greatly appreciated)
    I am aware that I will need to add other rules for things such as https sites ect
    by specifing a certain pipe for such traffic
    but I can resolve them later on
    but as a side note wan does not show as an option currently
    for such rules only opt1 (wan2) can be specified is this because the wan
    is a pppoe connection

    8)NAT I have disabled the creation of automatic nat rules in settings
    and also set it to advanced in the NAT section outbound rules
    and have created two rules one for each WAN and opt1 (WAN2) to allow all

    1. create any static routes
      Havent a clue so an example with my settings would be welcomed

    10)I would think by this step it should be functioning :)

    Thanks much for any assistance

    Best Regards


  • You dont need to set up static routes for the DNS servers because you are using DNS servers as monitor ips - if you have them as monitor ips, the static routes get setup automagically.

    Sticky connections had problems (with PPoE, I think) and so are currently not available

    You are using http://doc.pfsense.org/index.php/MultiWanVersion1.2 right?

    Advanced Outbound NAT. You dont need it, dont mess with it. Just let pfsense do NAT automatically.

    Probably a good idea to reinstall and try again.

  • Hi Sai
    Just reinstalled pf and stickies is back now
    so are you saying that as soon as I set wan as a pppoe connection
    I will loose that option again
    and yes I have been using MultiWanVersion1.2 docs

    Also was I correct about the DMZ's 1 & 2 in the instructions 
    being a item that should be set on the dsl modems

    and Would I be better off getting two new DSL modems
    that at least allowed me to change their basic LAN settings

    if so any recommendations on decent cheap dsl modems that will work with bell
    and permit me to make some basic changes to it and
    would It also probably be a good idea to have modems that can run in bridged mode
    so that the WAN and OPT1(WAN2) on the pf box actually get passed my real world static IPs
    (both DSL lines can give me a static IP)
    would that be a correct assumption or am I wrong about that

    Thanks Again


  • If your dsl modems run in bridge mode then you do get the real ip address on your pfs opt interface. Just make sure that they do not have overlapping subnets.

    DMZs - looks like this is where you are confused. DMZ is like a LAN subnet except it houses servers that are accessed from the Internet. So it is nothing to do with the modems. Ignore DMZ untill you have the load balancing setup and running

  • Thanks again Sai

    My current DSL modems will run in bridge mode but
    only if the something else handle the pppoe login info
    If the modem handles the pppoe connection then it stays unchangeable at

    Now because I can only have the option of one pppoe connection in pf
    I am sorta stuck in this situation

    So I have just ordered two new DLS modems that are also routers
    but can run as bridges while managing the pppoe connection too

    This should resolve the configuration limitations with my current dsl modems
    In case anyone is wondering my searching indicates that the

    is one of the best out there for the price plus there also is modified firmware available for it
    many claim modest to 30% in increased throughput speeds over the standard bell modems
    cost was 60$ each Canadian

    I will post updated info when I have a chance to configure it all

    Thanks again

