AW: [pfSense Support] Outgoing load balancing problem
It can be done the way you describe it and I have this setup at home in my testenvironment (however, I use different subnets on my wans, but it should work with your setup too as far as I know). If properly configured you should see the 2 wans used roundrobin. In my setup this means if I traceroute to internet testtarget1.com I can see the traffic going out wan1. Tracerouting testtarget2 shows the route going out via wan2. If you always trace the same target it will mostprobably stay at the same wan for some time as the connections are sticky to the wan it went out the first time unless the states for that connection are gone because of closing the connection or statetable-timeout removes it. (I'm not sure if the latest changes to the loadbalancer to work this way are in 0.80.4 already or if you have to upgrade some files first. At some point the loadbalancer only worked for more than one client as a clients IP was mapped to one of the wans, but I lost trace here, check cvs-trac for further info ;-). You should upgrade to the latest image after itbecomes available. With this one you don't need the manual NAT setup any more and also enabling advanced outbound NAT should create correct rules for the loadbalancer by default. The monitor IP can be any IP you want to check through this wan. Of course it should be a highavailablity IP as the connection will be assumed broken if it doesn't get an answer from this and the wan will be removed from the roundrobin-pool. Monitoring doesn't work at the moment as far as I know, so at the moment it isn't used anyway. The problem with the non-editable list is known already, thanks for reporting. Holger -Ursprüngliche Nachricht- Von: Daniel Solsona [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 30. August 2005 09:49 An: support@pfsense.com Betreff: [pfSense Support] Outgoing load balancing problem I have soekirs 4501 with 0.80.4 and I was trying outoing load balancing. I've read the wiki document and I can get it work atm. I just have done a quick test to try it, will try to do a better one when I have more time. Actually I tryed: Lan on eth0 with ip 192.168.1.1 Linux client on lan with ip 192.168.1.10 and gateway 192.168.1.1 Wan on eth1 with ip 192.168.50.199 On wan I've two adsl routers conected to a switch. Ip for adsl1 is 192.168.50.240 and ip for adsl2 is 192.168.50.80 I go to sevices and create the load balancer pool. At this point I've a question about ip monitor, it needs to be an internet ip? the adsl router ip? I add the 2 adsl gateways ip to the pool. Probably at this point there is a bug in 0.80.4 when you try to edit an outgoing load balancer pool. You click on edit and you dont get all the info from the pool, just the name, description and type of pool, but the list is empty. After I go to nat and enable advanced outbound nat. And then change the firewall rule to the new gateway pool. When i try to see if it works, i do a traceroute to google and it goes to the first adsl router (192.168.50.80) but if I unplug the adsl router It doesnt change to the other router. So the question, it can be done on this way or I need to make two wan adapters and put the router on diferent ethernet? Thanks for the help - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Outgoing load balancing problem
0.81 contained a number of load balancer fixes. --BillOn 8/30/05, Holger Bauer [EMAIL PROTECTED] wrote: It can be done the way you describe it and I have this setup at home in my testenvironment (however, I use different subnets on my wans, but it should work with your setup too as far as I know). If properly configured you should see the 2 wans used roundrobin. In my setup this means if I traceroute to internet testtarget1.com I can see the traffic going out wan1. Tracerouting testtarget2 shows the route going out via wan2. If you always trace the same target it will mostprobably stay at the same wan for some time as the connections are sticky to the wan it went out the first time unless the states for that connection are gone because of closing the connection or statetable-timeout removes it. (I'm not sure if the latest changes to the loadbalancer to work this way are in 0.80.4 already or if you have to upgrade some files first. At some point the loadbalancer only worked for more than one client as a clients IP was mapped to one of the wans, but I lost trace here, check cvs-trac for further info ;-). You should upgrade to the latest image after itbecomes available. With this one you don't need the manual NAT setup any more and also enabling advanced outbound NAT should create correct rules for the loadbalancer by default.The monitor IP can be any IP you want to check through this wan. Of course it should be a highavailablity IP as the connection will be assumed broken if it doesn't get an answer from this and the wan will be removed from the roundrobin-pool. Monitoring doesn't work at the moment as far as I know, so at the moment it isn't used anyway.The problem with the non-editable list is known already, thanks for reporting.Holger-Ursprüngliche Nachricht-Von: Daniel Solsona [mailto: [EMAIL PROTECTED]]Gesendet: Dienstag, 30. August 2005 09:49An: support@pfsense.comBetreff: [pfSense Support] Outgoing load balancing problem I have soekirs 4501 with 0.80.4 and I was trying outoing load balancing.I've read the wiki document and I can get it work atm.I just have done a quick test to try it, will try to do a better one when I have more time. Actually I tryed:Lan on eth0 with ip 192.168.1.1Linux client on lan with ip 192.168.1.10 and gateway 192.168.1.1Wan on eth1 with ip 192.168.50.199On wan I've two adsl routers conected to a switch. Ip for adsl1 is192.168.50.240 and ip for adsl2 is 192.168.50.80I go to sevices and create the load balancer pool.At this point I've a question about ip monitor, it needs to be an internet ip? the adsl router ip?I add the 2 adsl gateways ip to the pool.Probably at this point there is a bug in 0.80.4 when you try to edit anoutgoing load balancer pool. You click on edit and you dont get all the info from the pool, just the name, description and type of pool, but the list isempty.After I go to nat and enable advanced outbound nat. And then change thefirewall rule to the new gateway pool. When i try to see if it works, i do a traceroute to google and it goes to thefirst adsl router (192.168.50.80) but if I unplug the adsl router It doesntchange to the other router. So the question, it can be done on this way or I need to make two wan adaptersand put the router on diferent ethernet?Thanks for the help- To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit-To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
