How to disable loadbalancing and use failover on dual wan config?

hoba · Mar 26, 2008, 3:33 PM

I still think this is a state issues. Does it work if you manually reset states after failover (diagnostics>states, reset states)? If so it's the effect that I described already above which is normal.

V-man · Mar 26, 2008, 4:33 PM

Well I rebooted pfSence. Then I double checked interfaces(ip's and gateways). Load balance showed everything in green. I verified that I been connected through cable modem IP. Then I pulled the plug off WAN(integrated GB NIC)- T1 and that was it. I can ping from WAN interface to T1 router, but I can not get internet to work.

Is not that strange? Before I could not get the Internet to work using GB nic as my Cable modem WAN and now I can not get to the Internet through the same GB nic. But in the second case GB nic serves as a T1 WAN(fail over lan)?

V-man · Mar 27, 2008, 4:09 PM

Thanks Hobo for helping out!!!

This is not the hardware! I just re-did the system on another pc. I setup pfsense on different Internet networks and set up worked.

Now I striped everything down to WAN/ Lan setup. I am having a problem even with trying to get out to the internet. I checked monitor, static ip on the cable modem and on pfsence interface. I enabled pass any from wan rule and could not ping Comcast wan interface.

Have you ever come a cross that Comcast had issues with their SMC router modems and pfSence?

Thanks again for helping out!!!

hoba · Mar 27, 2008, 6:00 PM

I have heard from a lot of people using comcast and pfSense together. One common issue seems to be that the cablemodems sometimes need a reboot if you connect a new device (like replacing an old router with pfSense) as thy seem to cache tho old macadress for ages in their ARP-cache. I also have heard from people where the nexthopgateway seemed to not clear the ARP-cache and they had tto take down the line for 10-20 minutes before a new pfSense install was working there.

V-man · Mar 27, 2008, 6:05 PM

Thanks Hobo for info!

I also was wondering if static ip and enabled firewall on Cable modem router may also cause problems?

Shell I use DHCP instead?

hoba · Mar 27, 2008, 6:19 PM

For sure I would shut down the firewal of the cable modem. Maybe that's exactly what's happening, your DHCP IP gets dropped and that's why traffic stops then.

V-man · Mar 28, 2008, 6:08 PM

All my thanks go to Hobo!!!

You are the man!!!!

That was the SMC 8014 Cable Modem - Comcast businesses gateway problem!!!!

I disable DHCP, firewall, restarted the router couple of time since it was not renewing IP. And it worked like a charm!!!!!

Thank you!!!! Thank you!!! Thank you!!!!!

hoba · Mar 28, 2008, 6:37 PM

Glad this issue finally got resolved :D

cheesyboofs · May 12, 2008, 9:58 AM

Sorry to hijack your post V-man but I’m trying to implement the very same thing as you “failover with no load-balance” but I’m not getting as far as you and wonder if one of you could give me some pointers.

My config:
Pfsense = v1.2
WAN 20MB = 82.29.156.0/22 SM = 255.255.252.0 GW = 82.29.156.1
Backup (OPT1) 2MB = 82.29.148.0/22 SM = 255.255.252.0 GW = 82.29.148.1
LAN = 192.168.100.0/24 SM = 255.255.255.0 GW = 192.168.100.254
Wireless = 192.168.101.0/24 SM = 255.255.255.0 GW = 192.168.101.254
http://www.cheesyboofs.co.uk/home.htm

I too have read the http://doc.pfsense.org/index.php/MultiWanVersion1.2 document but got compleetly confused at the sticky connections as my understanding is that I don’t want any so that if my wan connection fails my mail server’s mail's will be re-routed out the fall back gateway.

So with this in mind I tried to set up a lab environment on some spare hardware dropping the load balance rule from the pools and keeping WAN1->WAN2 and WAN2->WAN1 filters. This is where I got stuck, no matter what I do I cannot get it to fail over to Backup (OPT1) but the fact that others can and the fact that I’m not exactly thick means I must be missing something obvious. I think I’m just getting confused with the terminologies used in PFSENSE when I’m comparing it to other distributions I have used.

Any help you guys can give would be great

GruensFroeschli · May 12, 2008, 11:15 AM

Did you set the gateway(s) of your LAN rule(s) to the failover pools?

cheesyboofs · May 12, 2008, 12:35 PM

At the moment I have a basic config with no pools setup.
I am driving remotely over VPN so don't want to get locked out.
This is what I have atm,

I did have mail -> out 'locked' to backup (OPT1) link but understand that when that link fails it needs to use the WAN link.

Reading another post,
http://forum.pfsense.org/index.php/topic,8994.0.html,

You said one can simply add more lines to the load-balance filter to balance out the faster modem! So could I not just have one load balance line,

2 lines with 2Mbit and 20Mbit
line1: 1 times in list
line2: 10 times in list

What happens in this scenario when one line goes down does it simply round robin on to the next working one or does it time out?

I just want some advice from you guy's on how you would best 'tweak' my config to get the most out of it with the most important thing being remote connectivity in the event of the WAN failing.

Cheers

cheesyboofs · May 12, 2008, 7:16 PM

Hi there,

Right I have read your question a couple of times and I now see (with your help) where I went wrong.

For some reason web browsing works fine with either wan disconnected but I can only ping Google with WAN connected and I get a timeout using only the Backup, strange!

Also I still don’t understand how the three load balance rules work, If I have a dead link in all three rules how does it know which one to use?

I will play some more while I'm feeling brave.

Cheers for your help