SOLVED: Load Balancing Issues



  • Hey everyone. I'm new to pfsense, load balancing, linux, and networking (pretty much the definition of noob ;D). I set up pfsense a couple days ago and am generally very impressed with its offering and what it can do. I don't need/want too complex of a setup as I'm just using it for college internet sharing in my apartment.

    Basically, I have a few issues and other questions that I'm hoping the knowledgeable users here can help me out with. So far I've got load balancing and everything else I need working, minus the issues below. For starting reference, see my network map picture attached. I tried to provide clear screenshots along with a pretty nicely laid out post to be easy on the eyes and sorting through it, but please let me know if you need more info, screenshots, etc. I know this is a lot, so any help whatsoever is greatly appreciated.


    Issue #1: Port Forwarding

    • Wireless client 192.168.1.100 needs several ports forwarded out to only the WAN, but it doesn't seem to be working. See the attached picture.

    • DynDNS only needs to update the IP on the WAN (possibly already does, just want to make sure).

    I've seen another topic or two on this issue, but I didn't seem to find a fix for it. I'm using my computer, 192.168.1.100 as a crappy dyndns webserver, webcam server, allowing secure backdoor access to it, and other stuff. Used to work in my old retail router by manually forwarding the ports, but doing so in pfsense doesn't seem to work. I can't contact my computer from the outside internet via any of the ports I need forwarded. How do I fix this?


    Issue #2: PS3 & Xbox360 Media Streaming

    • DLNA streaming from WMP doesn't work that well when the router is busy with many connections, bittorrent, etc. Seems like it shouldn't matter since DLNA is local.

    Is there anything I can do to improve it?


    Issue #3: Bittorrent MOST IMPORTANT
    *as polled by my roommates

    • UPNP (for port forwarding) doesn't seem to work for bittorrent clients on pfsense

    • Manual port forwarding also doesn't work (as stated in the first issue)

    • uTorrent's port checker says the port is closed on both my WAN and OPT1(WAN2) ip addresses.

    Is there any way to fix this, so either UPNP or manual forwarding works on WAN, and possibly OPT1(WAN2)?


    Question #1: MOST IMPORTANT TO ME
    *as polled by me
    Is my setup correct? It's generally working fine (besides the above issues), but is there anything I should change to improve it? Please let me know if you need more info, screenshots, etc.


    Question #2:
    Why is WAN being used 2/3 of the time and OPT1(WAN2) only 1/3? (judging by the amount of data coming in) I'm thinking it has to do with OPT1(WAN2)'s wireless router's reliability on 192.168.0.1. Traffic graphs show OPT1(WAN2) as basically a constant sharp wave of high speeds to low speeds, whereas WAN's traffic graph is generally smooth (in comparison). Please let me know if you need more info, screenshots, etc.







  • We do not appreciate when you do this

    
    [08:00p] join(Creighton/##pfsense) (n=creighto@cpe-071-068-034-219.carolina.res.rr.com)
    [08:01p] <creighton> *Advertising* = = = Anybody knowledgeable with loadbalancing please visit this topic and help me out. Thanks! - http://forum.pfsense.org/index.php/topic,9993.0.html
    [08:01p] quit(Creighton) n=creighto@cpe-071-068-034-219.carolina.res.rr.com (Client Quit)
    

    This is blatant spamming.
    post your message AND WAIT.
    Online forum is not a real-time communication medium. It is outright disrespectful to demand a reply less than 24 hours after your post! >:(



  • @mxxcon:

    This is blatant spamming.
    post your message AND WAIT.
    Online forum is not a real-time communication medium. It is outright disrespectful to demand a reply less than 24 hours after your post! >:(

    I think it was misunderstood. I'm messing around with my pfsense settings and stuff and got kicked off after I sent that message. As of now I am still unable to join back on the channel. I did not do that on purpose, and I apologize if I offended anyone.

    Furthermore, I was not demanding anything, all I was doing was advertising the fact that I need help and anyone willing should visit my post. That's not demanding answers, that's just an attempt to speed up the process by using two mediums instead of one. As I said before, it was not part of the plan to leave the channel after sending that message. I'm a n00b to IRC as well.

    EDIT - I'm back in now.



  • @Creighton:

    Wireless client 192.168.1.100 needs several ports forwarded out to only the WAN, but it doesn't seem to be working. See the attached picture.

    Never specify gateways on your WAN rules. that'll fix your port forward problems.

    @Creighton:

    DynDNS only needs to update the IP on the WAN (possibly already does, just want to make sure).

    it only supports updating on the WAN.

    @Creighton:

    I've seen another topic or two on this issue, but I didn't seem to find a fix for it. I'm using my computer, 192.168.1.100 as a crappy dyndns webserver, webcam server, allowing secure backdoor access to it, and other stuff. Used to work in my old retail router by manually forwarding the ports, but doing so in pfsense doesn't seem to work. I can't contact my computer from the outside internet via any of the ports I need forwarded. How do I fix this?

    setup the appropriate port forwards and don't specify gateways in your WAN rules.

    @Creighton:

    DLNA streaming from WMP doesn't work that well when the router is busy with many connections, bittorrent, etc. Seems like it shouldn't matter since DLNA is local.

    I don't know what that is exactly. If it's going from one machine on your LAN to another on your LAN, your gateway (in this case pfSense) has no impact on that whatsoever.

    @Creighton:

    • UPNP (for port forwarding) doesn't seem to work for bittorrent clients on pfsense

    • Manual port forwarding also doesn't work (as stated in the first issue)

    • uTorrent's port checker says the port is closed on both my WAN and OPT1(WAN2) ip addresses.

    fix your WAN rules and your port forwards should work. uPNP can't open the same port to multiple internal hosts AFAIK, and if you're port forwarding that port it will override anything in uPNP.
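
One way to audit a configuration for the problem cmb points out above (gateways specified on WAN rules), as an added example that is not part of the thread or of pfSense itself. The XML fragment is constructed; the element names assume pfSense's config.xml layout, and the `LoadBalance` pool name and the function name are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names assume pfSense's config.xml layout
# (<filter><rule> with <interface>, <gateway>, <destination>, <descr>).
# "LoadBalance" is a hypothetical pool name.
SAMPLE_CONFIG = """
<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <destination><address>192.168.1.100</address><port>80</port></destination>
    <gateway>LoadBalance</gateway><descr>NAT webserver</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <destination><address>192.168.1.100</address><port>6881</port></destination>
    <descr>NAT bittorrent</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <destination><any/></destination>
    <gateway>LoadBalance</gateway><descr>LAN to balancer pool</descr></rule>
</filter></pfsense>
"""


def wan_rules_with_gateway(config_xml, wan_ifaces=("wan", "opt1")):
    """Return WAN-side filter rules that name a gateway.

    wan_ifaces defaults to the thread's two uplinks (WAN and OPT1/WAN2).
    LAN rules are not checked; the advice in the thread concerns WAN rules.
    """
    findings = []
    root = ET.fromstring(config_xml.strip())
    for position, rule in enumerate(root.findall("./filter/rule"), start=1):
        iface = (rule.findtext("interface") or "").strip().lower()
        gateway = (rule.findtext("gateway") or "").strip()
        if iface not in wan_ifaces or not gateway:
            continue  # wrong interface, or no gateway set on the rule
        findings.append({
            "position": position,  # 1-based order within <filter>
            "interface": iface,
            "gateway": gateway,
            "address": rule.findtext("destination/address") or "any",
            "port": rule.findtext("destination/port") or "any",
            "descr": rule.findtext("descr") or "",
        })
    return findings


if __name__ == "__main__":
    for f in wan_rules_with_gateway(SAMPLE_CONFIG):
        print("rule {position} on {interface}: gateway '{gateway}' set, "
              "forward to {address}:{port} ({descr})".format(**f))
```
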



  • Thank you for the reply cmb  :). I wasn't sure if my post was going to get answered, and in light of that I messed around with the settings yesterday and today and I think I managed to figure out a lot of my issues, and am very pleased with the outcome.

    Unfortunately, the one issue I still have yet to solve is port forwarding. You are definitely right about the gateways problem, but that still doesn't fix it... I'm stumped. I've attached new pictures of my slightly different configuration below, and if you need any more information please let me know.

    Oddly enough, I've got bittorrent port forwarding (see BittorrentPorts) to work for all clients, however the client that needs other ports forwarded (see PortForwardPorts) doesn't work despite mirroring the same setup used to forward the bittorrent ports. What's wrong with this approach?

    Thanks for your help again. This time I won't go messing around in the settings before I get a reply  :P I'm loving pfsense!






  • Not to bump, but I figured out the situation with the port forwarding. pfsense was forwarding them fine, just as it's forwarding the bittorrent ports correctly. My webserver is accessible from outside of my network….the issue is accessing my server from the internal network/the same computer it's on using the internet address which points to my WAN ip.

    I'm guessing it's some sort of loopback problem that can be fixed with a rule. Not sure of what rule that is, so if anyone has any input that would be great, but it's not a big deal since I figured it out and may be able to do so further on my own. Thanks again!



  • If you want to access a local Server via the WAN IP enable NAT reflection.
    sticky: http://forum.pfsense.org/index.php/topic,7001.0.html

