Multi wan routing over multi ip addresses in the same block - possible?



  • Hi, excuse my ignorance, and I haven't seen any examples of this (plenty for multiple DSL lines and separate IP address blocks).

    I have a DSL line with a block of static IP addresses. Of these, 5 are free. My question is:

    Is it possible to configure pfSense to do load balancing over these IP addresses such that each outgoing connection rotates through one of the possible addresses? I've seen examples of multiple addresses in the same block, but these all have different gateways; obviously these addresses share the same gateway address.

    I've tried a few combinations but they don't seem to work. Also, I've access to multiple quad Ethernet cards, so the number of ports for the WAN side is not a problem, or is it possible with just one?

    Any suggestions or help..

    Thanks





  • @dotdash:

    Discussed here:
    http://forum.pfsense.org/index.php/topic,8929.0.html

    Cheers for that, I'd missed it while searching… One other question: can I combine the method suggested with other outbound load balancing?

    For example, say I have 3 DSL lines with 5 IP addresses each, would listing all 15 IP addresses in the NAT rule work?

    I'm guessing in this case I skip the normal load-balancing setup.



  • The outbound NAT rules are per-interface, so each WAN would have separate translation rules. You would have to combine this with standard outbound LB: set up a load-balanced pool and point the LAN traffic to the load-balancer by changing the gateway on the appropriate firewall rule.



  • Hi, I've had to leave playing with this for a bit, but I'm going back to it now. It would seem I need to enter addresses into the translation part of the outbound NAT rule. Is this correct?
    The GUI only allows one address or the value "any". I've tried to modify the config file to add multiple targets but get an error.

    The thread pointed to deems it possible, and editing the NAT tables directly looks plausible, but I'd like to avoid that if possible, as I'm using pfSense to avoid editing config files directly.

    Am I going about this the right way or have I missed something obvious?

    Thanks



  • My thought is that someone could try editing the pf rules directly and test the functionality. If it works, then you would know the syntax that the webgui would have to use and could then try to modify the relevant bits of the webgui. If you got that far, you could submit the diffs to the core team for review. I think this functionality would be nice, but right now I don't need it and have too many projects going to play with it.



  • I could have a play with the settings. I've looked on the box and pf.conf seems to be empty (well, it looks like a demo file with everything commented out). Are the rules written somewhere else?



  • The running ruleset should be in /tmp/rules.debug
    You can copy that file, edit it, and use pfctl -f to load it.
    Of course, that will be nuked if you make any changes in the gui…
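
The copy, edit and load procedure from the post above, sketched as an added example that is not part of the thread or of pfSense itself. It assumes the copied ruleset holds a single-address `nat on ...` line in plain pf syntax; the interface name, subnet and 203.0.113.x addresses are constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example. Interface name, subnet, and 203.0.113.x addresses are constructed.

# make_pool_rule IFACE SRC_NET ADDR...
# Prints a pf NAT rule translating SRC_NET to a round-robin address pool.
make_pool_rule() {
    iface=$1; src_net=$2; shift 2
    pool=$(printf '%s, ' "$@"); pool=${pool%, }
    printf 'nat on %s from %s to any -> { %s } round-robin\n' "$iface" "$src_net" "$pool"
}

# patch_rules IN_FILE OUT_FILE IFACE SRC_NET ADDR...
# Writes a copy of IN_FILE with the NAT rule for IFACE/SRC_NET replaced by the
# pool rule. Fails unless exactly one rule matched; IN_FILE is never modified.
patch_rules() {
    in_file=$1; out_file=$2; shift 2
    rule=$(make_pool_rule "$@")
    awk -v ifc="$1" -v net="$2" -v rule="$rule" '
        $1 == "nat" && $2 == "on" && $3 == ifc && $5 == net { print rule; n++; next }
        { print }
        END { exit (n == 1 ? 0 : 1) }
    ' "$in_file" > "$out_file"
}

# check_and_load FILE
# Parse-only check (pfctl -n) first; load the ruleset only if it parses cleanly.
check_and_load() {
    pfctl -nf "$1" && pfctl -f "$1"
}

# Demo on a constructed two-line ruleset (not a real /tmp/rules.debug).
demo=$(mktemp -d)
printf '%s\n' 'nat on em0 from 192.168.1.0/24 to any -> 203.0.113.2' \
    'pass out all' > "$demo/rules.debug"
patch_rules "$demo/rules.debug" "$demo/rules.test" em0 192.168.1.0/24 \
    203.0.113.2 203.0.113.3 203.0.113.4 && cat "$demo/rules.test"
rm -rf "$demo"
# On the firewall itself: check_and_load /path/to/edited-copy
```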

