• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Multi-WAN support with same gateway on multiple interfaces ***{NOW $650}***

Scheduled Pinned Locked Moved Expired/Withdrawn Bounties
38 Posts 13 Posters 32.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    GoldServe
    last edited by Feb 26, 2009, 2:42 AM Jun 28, 2008, 12:13 AM

    I know this can be done already by natting all the interfaces to make it appear as multiple gateways but if commercial routers can do this, why not pfsense?

    I think pfsense is great but the whole system needs to be more multi-wan aware. I know lots of kernel hacking is required so please post your interest and bounty!

    I'm a home user but i'm gonna put $100 down to see this get done. I can very well go buy a dual wan commercial router but I want to see pfsense kick some serious ass!

    Thanks for looking!

    1 Reply Last reply Reply Quote 0
    • E
      eri--
      last edited by Jun 28, 2008, 10:36 AM

      You want load balancing between connection going over the same interface with the same gateway or between multiple connection that share the gateway?

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by Jun 28, 2008, 4:08 PM

        I talked to GoldServe in IRC last night - what he wants is multiple interfaces and connections with the same gateway Ermal. Like you'll usually end up with if you have multiple cable modems. Since we have to use IPs with route-to there isn't anything we can do as is, but I was hoping you'd see this.  :)  Thought you might know of a way to hack pf to accommodate this, if more people were willing to chip in on the bounty.

        1 Reply Last reply Reply Quote 0
        • E
          eri--
          last edited by Jun 28, 2008, 6:54 PM

          @cmb:

          Thought you might know of a way to hack pf to accommodate this, if more people were willing to chip in on the bounty.

          Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
          But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

          I might consider it if more chips in on the bounty since kernel hacking is involved.

          Ermal

          1 Reply Last reply Reply Quote 0
          • G
            GoldServe
            last edited by Jun 28, 2008, 7:18 PM

            I really hope more people can add to this bounty. It would be much simpler to do multi-wan.

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by Jul 8, 2008, 2:33 AM

              @ermal:

              Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
              But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

              I don't think that would solve it though - we're talking about the same MAC address on both interfaces as well generally, so L2 load balancing wouldn't fix this. It has to have a way to leave a particular physical interface, without using anything L2-L7.

              1 Reply Last reply Reply Quote 0
              • E
                eri--
                last edited by Jul 8, 2008, 4:08 PM

                @cmb:

                @ermal:

                Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
                But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

                I don't think that would solve it though - we're talking about the same MAC address on both interfaces as well generally, so L2 load balancing wouldn't fix this. It has to have a way to leave a particular physical interface, without using anything L2-L7.

                I thought it was the same ip for the gateway ;)

                For the same mac address not much can be done with different enviroments ;-{

                1 Reply Last reply Reply Quote 0
                • H
                  hhh3h
                  last edited by Jul 19, 2008, 12:03 AM Jul 18, 2008, 9:57 PM

                  I really have no idea how pfSense works, because I am just in the thinking stages of whether I should move to a pfSense/IPCop router or should keep my perfectly fine cisco multi-wan VPN router.  Nevertheless, I'd like to throw this idea out there (please don't flame if its a stupid idea).

                  It seems that multi-wan support is merely an appendage feature that's thrown in at the end of the project without much thought behind it.  But, wouldn't it be better if IpTables was redesigned to simply address which ethernet port the packets should be forwarded to?

                  –-------------------
                  Something like this would be the setup for someone who wants to have one group of PCs use one modem, and another group of PCs use another modem:

                  | IP Range | Default Ethernet Adapter | Backup Ethernet Adapter | Load Balance Switch Threshold (kbps) (Note1) | Applicable Ports (Note2) |
                  | 192.168.0.* | 0 | 1 | 2000 | * |
                  | 192.168.1.* | 1 | 0 | 2000 | * |
                  | 192.168.1.0-192.168.1.10,192.168.1.15,192.168.1.34 | 0 | 1 | 2000 | * |

                  –-------------------
                  And using the same table, but going with a different need, something like this would be the setup for someone who wants, for all PCs, to direct certain types of traffic to one modem, and other types of traffic to go to another modem:

                  | IP Range | Default Ethernet Adapter | Backup Ethernet Adapter | Load Balance Switch Threshold (kbps) (Note1) | Applicable Ports (Note2) |
                  | * | 0 | 1 | 2000 | * |
                  | * | 1 | 0 | 2000 | 80-81,500 |

                  –-------------------
                  (Note1) Set "Load Balance Switch Threshold" to 0-kbps to never load balance, meaning the backup ethernet adapter would only be used if the first one failed.

                  (Note2) If you leave out a port, the router will not forward packets on that port to any ethernet adapter, meaning the packet on that port would be dropped (blocked) like an outgoing firewall.

                  1 Reply Last reply Reply Quote 0
                  • E
                    eri--
                    last edited by Jul 18, 2008, 10:17 PM

                    Well,  ;D, you remind me of why so many people talk as they please and few of them do the real work.

                    1 Reply Last reply Reply Quote 0
                    • G
                      GoldServe
                      last edited by Jul 18, 2008, 10:20 PM

                      That is a really cool idea and would put pfsense above all others! Unfortunately, it is going to take some massive rewrite and someone's commitment to accomplish that. I will put down $200 out of my own pockets to see work being down in that direction.

                      1 Reply Last reply Reply Quote 0
                      • H
                        hhh3h
                        last edited by Jul 19, 2008, 12:11 AM

                        @ermal:

                        Well,  ;D, you remind me of why so many people talk as they please and few of them do the real work.

                        I'm sorry..

                        @GoldServe:

                        That is a really cool idea and would put pfsense above all others! Unfortunately, it is going to take some massive rewrite and someone's commitment to accomplish that. I will put down $200 out of my own pockets to see work being down in that direction.

                        Thank you

                        I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today.  I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

                        1 Reply Last reply Reply Quote 0
                        • G
                          GoldServe
                          last edited by Jul 19, 2008, 12:13 AM

                          The bounty system proved successful for the traffic shaper. Now it is vastly improved and functional.

                          1 Reply Last reply Reply Quote 0
                          • C
                            cmb
                            last edited by Jul 19, 2008, 1:02 AM

                            @hhh3h:

                            I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today.  I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

                            For this feature, I don't know how likely it is to be completed. This is a more difficult one to implement than ones that have been completed in the past.

                            The only problem to date with bounties is people pledging support and never paying. The last one I did was even worse - I bought the hardware the company was using so I could implement the desired functionality with the promise it would be reimbursed, did the work as agreed upon and it was successfully completed. They refuse to pay, so I'm out $450 USD out of my pocket plus all the time spent. Losing time is one thing, losing that much money out of my pocket is another entirely… Lesson learned, I'll never buy any hardware under the promise of reimbursement again.

                            The bounty system has proven to be a great way to get functionality implemented for the end users. The developers have gotten screwed on multiple occasions, to varying degrees, but no end user has ever gotten less than promised.

                            1 Reply Last reply Reply Quote 0
                            • H
                              hhh3h
                              last edited by Jul 19, 2008, 1:34 AM

                              @cmb:

                              @hhh3h:

                              I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today.  I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

                              For this feature, I don't know how likely it is to be completed. This is a more difficult one to implement than ones that have been completed in the past.

                              Thank you for replying.  It seems that there are many many of threads on I see on the internet about "why doesn't IPCop support multi-WANs", and "why is it so hard to get multi-WANs working in pfSense".  Therefore, I would assume that well-designed, intrinsic functionality to support a multi-WAN environment should be a high priority.

                              But nevertheless, are you saying that I should not pledge any money on this project because it is not likely to be completed?  I would really appreciate a realistic projection.

                              Thank you

                              1 Reply Last reply Reply Quote 0
                              • E
                                eri--
                                last edited by Jul 19, 2008, 7:23 AM

                                Well nobody stops you from pledging!
                                The problem is that the offer should be serious and so should be your commitment when the bounty is finished.

                                I do not think that multi-WAN in pfSense is difficult, though in 1.3 the configuration has changed somewhat.

                                The first thing before pledging moeny is stating what are your needs and after that what is your pledge.

                                Ermal

                                1 Reply Last reply Reply Quote 0
                                • H
                                  hhh3h
                                  last edited by Jul 19, 2008, 5:13 PM

                                  @ermal:

                                  Well nobody stops you from pledging!
                                  The problem is that the offer should be serious and so should be your commitment when the bounty is finished.

                                  I'm serious about getting something done.  I'm not going to pledge money for this idea if cmb is saying it's not going to be doable…....

                                  1 Reply Last reply Reply Quote 0
                                  • E
                                    eri--
                                    last edited by Jul 19, 2008, 5:19 PM

                                    Actually it is quite doable and i am one of the possible implementers of it. Just need to be convinced to do it…..

                                    1 Reply Last reply Reply Quote 0
                                    • G
                                      GoldServe
                                      last edited by Jul 20, 2008, 4:41 PM

                                      That's good news. I'm very serious about committing $200 of my personal money for this. I use pfsense for home use only as I am a geek =D I paid a little for the traffic shapper changes even though I do not use it but I hear it was well worth it.

                                      Cheers!

                                      1 Reply Last reply Reply Quote 0
                                      • H
                                        hhh3h
                                        last edited by Jul 20, 2008, 6:53 PM

                                        @ermal:

                                        Actually it is quite doable and i am one of the possible implementers of it. Just need to be convinced to do it…..

                                        Great.. How much total pledge money will convince you?

                                        1 Reply Last reply Reply Quote 0
                                        • E
                                          eri--
                                          last edited by Jul 21, 2008, 7:53 AM

                                          How much total pledge money will convince you?

                                          You make your offer and i will give my answer.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            [[user:consent.lead]]
                                            [[user:consent.not_received]]