Static Ports (Manual Outbound NAT rule generation) doesn't work with LBing?

  • I need to use Manual Outbound NAT rule generation per my post in games earlier, but when I change to that my load balancing and internet connection go astray.

    Is there a reason that when you enable Manual Outbound NAT rule generation under outbound rules the Load Balancing no longer works? I figure it has something to do with Load Balancing needing Automatic outbound NAT rule generation, or a rule I need to add while having Manual Outbound NAT rule generation enabled?

    Please help o.O



    After messing around more in the Firewall:NAT:Outbound

    I can have the internet work and play certain games etc. if I use the interface WAN2(OPT1) for the rule that it creates with static port enabled.

    However I do not have my double-the-speed load balancing occurring, and everything seems to go out of WAN2 this way.

    I added a rule below it that looks identical to the one it makes for WAN1, but it doesn't change anything.

    Then when I change the top one's interface back to WAN I lose internet again.

    Then if I turn Automatic outbound NAT rule generation (IPsec passthrough) back on, the double speeds start working again and Load Balancing seems to work, but to no avail: I cannot then use static ports, which puts me back to my original problem.

    Any ideas?
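For comparison, an added pf.conf fragment (not from the thread or from pfSense itself) showing what manual outbound NAT with static port on both WAN interfaces looks like next to a LAN load-balancing rule; interface names, gateway addresses and the LAN subnet are placeholders.

```pf
# Added example, not taken from the thread. Interface names, gateways and
# the LAN subnet below are placeholders; pfSense 1.2 writes the equivalent
# of these lines into /tmp/rules.debug from the GUI rules.
wan     = "fxp0"            # placeholder WAN interface
wan2    = "dc0"             # placeholder WAN2 (OPT1) interface
lan     = "fxp1"
lan_net = "192.168.1.0/24"
wan_gw  = "203.0.113.1"     # placeholder gateway for WAN
wan2_gw = "198.51.100.1"    # placeholder gateway for WAN2

# One outbound NAT rule per WAN interface. A "nat on $wan" rule only
# translates traffic leaving $wan, so a WAN without its own rule sends
# LAN traffic out untranslated. "static-port" keeps the source port
# unchanged, which is the requirement the thread calls "static ports".
nat on $wan  from $lan_net to any -> ($wan)  static-port
nat on $wan2 from $lan_net to any -> ($wan2) static-port

# Spread new LAN sessions across both gateways. Every address field must
# be filled in: the error line quoted later in the thread,
#   route-to ( dc0 ) from to /24
# has an empty gateway and empty from/to addresses, which is why pfctl
# reports a syntax error and loads no rules at all.
pass in quick on $lan route-to { ($wan $wan_gw), ($wan2 $wan2_gw) } round-robin \
    from $lan_net to any keep state label "USER_RULE: LB"
```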

  • Can you show screenshots of your current: LB-pools, LAN FW rules, AON rules.

  • php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:131: syntax error pfctl: Syntax error in config file: pf rules not loaded The line in question reads [131]: pass in quick on $lan route-to ( dc0 ) from to /24 keep state label "USER_RULE: Wan 2 DMZ"

    I think this is keeping the DMZ for WAN from working per the multi wan 1.3 wiki.

    I hooked all this up…

    Got load balancing working correctly.

    Tried to do a few things; speeds were good. After a bit I tried to play a game.

    Game didn't work, did that, and then I noticed the WAN2 errors...

    Both of my incoming connections are DHCP and I have them set as so.

    It seems if I put one of the WAN ports on an external NAT I can get Load Balancing to work with Static Ports.

    I notice arp things back and forth in the logs from modem to modem. This can be less annoying with the advanced>arp options checked.

    Maybe a NAT on one of these is in order permanently? The subnets on these modems are different though, which I thought would enable it to work. Keep in mind when I first set up things it was working with just pfSense using both WAN ports.

    I am confused on making the DMZ rules at the top.

    Since I use DHCP it just throws me off from the directions, since they are using static IPs.

    I think I have missed something simple, who knows. I am sketchily trying to get my foot in the door here, but so many pits and valleys so far.

    When I do have my LB working, for the short times I seem to hit a configuration that works.

    The thing I don't like about having it on another NAT is you don't get the logs in original form.

    I just want LB, static ports and some port forwarding for now.

    2 WAN cards, 1 LAN card: picked my best 10/100 cards lying around and built the box with some cheap old hardware that seems to work fine as far as the speed that is required here.

    The NIC Cards seem to pull DHCP fine so they must be working.

    No logs to note hardware wise except the arp requests... but this can be controlled with a NAT on WAN2.

    helps me....

    DMZ Rule Problem?
    Both WAN connections are based on DHCP?
    Hardware (arp requests back and forth to modems?)

    I am a bit lost atm..

    I will keep trying, let me know if you have some ideas.

  • Ok well I messed around more and I hooked it up with one NAT on a DMZ and one directly, this way I get the best of both worlds and my logs.

    This setup helps me have it working for my games and load balancing while allowing some to be kept at just one outgoing connection per the rules.

    Everything is working as I need it to now.

    I don't know why I had so much trouble with both being directly connected.

    I know it's a tad less secure, but it's one less layer to have problems with. For those certain hard-to-get-to-work apps/games you can just create the rules appropriately on the outgoing to the directly connected one to prevent any complications of using a NAT; however, the NAT separates the networks so you get no arp requests back and forth.

    I was still getting that error on that config line, but I reset to default a couple times and just went step by step, saving along the way, getting things to work, and now things are finally where I want them.

    I think the software is a bit buggy, but hey, it's open source, and other than that it's miles ahead of most other open source projects in a lot of areas. I hear m0n0wall's creator was behind this project in some form?

    Anyway on to the next problem I encounter…

  • There is no 1.3 version.

    Definitely not buggy!
    You misconfigured something.

    It seems you've got it running yourself.
    But as I wrote before: without giving more information about your setup we won't be able to help you.

    A wall of text does not help us understand your setup.
    Diagrams and screenshots are essential.

  • OK, possibly not a bug..

    things are good on my end now…

    And sorry, not 1.3, 1.2.

    and the only visual needed is:
