RE: [pfSense Support] Outgoing Load Balancing mini-howto
And does CARP have to be running?

I think the answer to 6 would be something like a DNS box on the ISP's network .. or perhaps even something like www.microsoft.com ?

-Original Message-
From: Rajkumar S [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 13, 2005 9:59 AM
To: support@pfsense.com
Subject: [pfSense Support] Outgoing Load Balancing mini-howto

Hi,

I have some clarifications about the Outgoing Load Balancing mini-howto. I assume this is about sharing two internet links so that outbound traffic flows to both of them.

> 1. visit services - load balancer
> 2. delete any pools that are there that do not work
> 3. add a new pool and call it loadbalancetowans or something descriptive
> 4. set the description to load balancing from lan - internet or something descriptive
> 5. set the type to gateway
> 6. in the monitor ip box, set a box upstream from this router that can be polled (via tcp socket) to ensure link is up

What is this monitor ip? If I have two internet connections, which ip can I specify here?

> 7. in the ip box type in the 1st router gateway ip

I assume this to be the gateway of first internet connection.

> 8. repeat for the second gateway

Gateway of second internet connection and so on...

raj

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Outgoing Load Balancing mini-howto
Frimmel, Ivan (ISS South Africa) wrote:
> And does CARP have to be running?

I am not having CARP in mind, as CARP and link sharing are two different things. If CARP has to be running then this may not be what I want. Specifically I am looking at http://lartc.org/howto/lartc.rpdb.multiple-links.html

This Linux command is working well for me.

    ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
        nexthop via $P2 dev $IF2 weight 1

> I think the answer to 6 would be something like a DNS box on the ISP's network .. or perhaps even something like www.microsoft.com ?

This is exactly what I have done.

More Queries as I am going through the steps:

> Create NAT-Rules for your WAN-POOL
> 1. visit firewall - NAT - Outbound
> 2. enable advanced outbound nat
> 3. check the automatically created rules.
> 4. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool)

I could not understand this? Which OPT interface? each internal network ? I have only one.

> 5. Apply the changes
>
> Policy based balancing
> 1. Edit a firewall rule on the LAN or Optional interfaces.
>    * NOTE! We do not recommend editing the default pass all rule! Create a new rule before the default rule for your policy.
> 2. Set the gateway to the newly created pool

Done!. It seems the loadbalancer is working. I am able to tcpdump the second gateway and see some packets. But when I traceroute from the lan, all packets go via the first gateway.

Also can I specify the priority of each gateway. ie I have a 1mbps link and a 256kbps, out of 5 packets 4 must go through 1mbps link and one via 256 kbps.

Also in the wish list is to specify one gateway for some ips. ie dns and smtp server for first isp should always be routed via first isp and vice versa.
raj
Re: [pfSense Support] Outgoing Load Balancing mini-howto
On 10/13/05, Rajkumar S [EMAIL PROTECTED] wrote:
> Hi,
>
> I have some clarifications about the Outgoing Load Balancing mini-howto. I assume this is about sharing two internet links so that outbound traffic flows to both of them.
>
> 1. visit services - load balancer
> 2. delete any pools that are there that do not work
> 3. add a new pool and call it loadbalancetowans or something descriptive
> 4. set the description to load balancing from lan - internet or something descriptive
> 5. set the type to gateway
> 6. in the monitor ip box, set a box upstream from this router that can be polled (via tcp socket) to ensure link is up
>
> What is this monitor ip? If I have two internet connections, which ip can I specify here?

When we get this working, it'll be ICMP monitoring and you'll need to provide the IP address of something on the other end of your WAN link to ping to determine link availability.

> 7. in the ip box type in the 1st router gateway ip
>
> I assume this to be the gateway of first internet connection.

yes.

> 8. repeat for the second gateway
>
> Gateway of second internet connection and so on...

yes.

--Bill
Re: [pfSense Support] Outgoing Load Balancing mini-howto
On 10/13/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote:
> And does CARP have to be running?

Nothing to do with CARP :)

--Bill
Re: [pfSense Support] Outgoing Load Balancing mini-howto
On 10/13/05, Rajkumar S [EMAIL PROTECTED] wrote:
> Create NAT-Rules for your WAN-POOL
> 1. visit firewall - NAT - Outbound
> 2. enable advanced outbound nat
> 3. check the automatically created rules.
> 4. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool)
>
> I could not understand this? Which OPT interface? each internal network ? I have only one.

This is mainly a confirmation that the source addresses for your internal network(s) will be presented to the internet correctly. If it looks right, don't do anything.

> Policy based balancing
> 1. Edit a firewall rule on the LAN or Optional interfaces.
>    * NOTE! We do not recommend editing the default pass all rule! Create a new rule before the default rule for your policy.
> 2. Set the gateway to the newly created pool
>
> Done!. It seems the loadbalancer is working. I am able to tcpdump the second gateway and see some

good :)

> packets. But when I traceroute from the lan, all packets go via the first gateway. Also

State tables. Wait a while try again. Eventually you'll get on the other side of your new 50-50 logic as to which link a new IP flow will go down.

> can I specify the priority of each gateway. ie I have a 1mbps link and a 256kbps, out of 5 packets 4 must go through 1mbps link and one via 256 kbps. Also in the wish list is to

Not today. I think I have this locked out right now, but you can do ratio based load balancing...put the 1Mbit link in the gateway pool 4 times and the 256K link once - that would have the same effect. Again, I believe this isn't currently possible in the UI, if you're willing to test it, I'll open it up (I have a MUCH larger discrepancy at home 8Mbit and 384Kbit, so I don't load balance, I send targeted traffic out each link).

> specify one gateway for some ips. ie dns and smtp server for first isp should always be routed via first isp and vice versa.

Policy based routing. Create a rule for each item you'd like to direct over a given link. Remember, we're a first match system, just place the more specific rules first in your list and it'll match.

--Bill
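
Added illustration, not part of the thread and not pfSense code: a simplified Python model of the three behaviours described in the reply above (state-table pinning of existing flows, a 4:1 ratio obtained by repeating a gateway in the pool, and first-match rule ordering). All addresses and names are constructed sample values, and assigning gateways per new flow in strict rotation is an assumption of the model.

```python
from itertools import cycle

# Constructed sample addresses (documentation ranges), not from the thread.
GW_1M, GW_256K = "198.51.100.1", "203.0.113.1"
ISP1_DNS, ISP1_SMTP = "198.51.100.53", "198.51.100.25"
POOL = "POOL"  # marker: rule hands the flow to the gateway pool


class Router:
    """Toy model: ordered rules, round-robin gateway pool, state table."""

    def __init__(self, rules, pool_entries):
        self.rules = rules                # [(match_fn, target)], evaluated top-down
        self.pool = cycle(pool_entries)   # a repeated entry gets extra turns
        self.states = {}                  # flow -> gateway picked for its first packet

    def route(self, src, dst, dport):
        flow = (src, dst, dport)
        if flow in self.states:           # existing state: flow stays on its link
            return self.states[flow]
        for match, target in self.rules:  # first match wins
            if match(dst, dport):
                gw = next(self.pool) if target == POOL else target
                self.states[flow] = gw
                return gw
        return None                       # nothing matched: not forwarded


def build_router(specific_first=True):
    pinned = [
        (lambda dst, dport: dst == ISP1_DNS and dport == 53, GW_1M),
        (lambda dst, dport: dst == ISP1_SMTP and dport == 25, GW_1M),
    ]
    catch_all = [(lambda dst, dport: True, POOL)]
    rules = pinned + catch_all if specific_first else catch_all + pinned
    return Router(rules, [GW_1M] * 4 + [GW_256K])  # 4:1 ratio by repetition


def share_of_new_flows(n=1000):
    """Count which gateway each of n distinct new flows is assigned."""
    r = build_router()
    picks = [r.route("192.168.1.10", "192.0.2.7", 10000 + i) for i in range(n)]
    return picks.count(GW_1M), picks.count(GW_256K)


if __name__ == "__main__":
    print(share_of_new_flows())
```

Calling `build_router(specific_first=False)` puts the catch-all rule first, so traffic to the ISP's DNS server is balanced across both links instead of staying on the first ISP.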