pfSense as load balancer (Multi-WAN, version 1.2.x)
Goal
The idea is to configure a device that
- connects 1 LAN with several WANs,
- provides load balancing,
- offers fallback functionality.

UMTS Router Vodafone      UMTS Router O2        ADSL (slow)
        |                       |                   |
        -------------------- pfSense Box --------------------
                                |
                               LAN

External guide
Hardware
Hardware Architectures
pfSense is supported only on the x86 architecture. The types of devices supported range from standard PCs to a variety of embedded devices. It is targeted at x86-based PCs 300 MHz or faster.
Minimum Hardware Requirements
PII / 128MB
Our hardware
- AMD Duron800
- 512MB DDR400
- 1x Realtek RTL8139c
- 1x 3Com 3c905-TX
- 2x 3Com 3c905-TX-M
Preparation / hardware tinkering
- Assembly
- Note down the network cards in installation order from top to bottom
- Boot Knoppix, test the network cards (ping), create a table

NIC name | IRQ/Base | Linux dev name | BSD dev name | MAC
---|---|---|---|---
3c905-TX | irq5/0xD400 | eth0 | xl0 (filled in later, after booting pfSense) | 00:60:..
3c905-TX-M | irq11/0xAF80 | eth1 | xl1 (filled in later, after booting pfSense) | 00:04:..
3c905-TX-M | irq5/0xFF00 | eth2 | xl2 (filled in later, after booting pfSense) | 00:01:..
RTL8139c | irq5/0x800 | eth3 | rl0 (filled in later, after booting pfSense) | 00:30:..

- memtest
- Download the current pfSense "Live CD with Installer" and burn it to CD
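The NIC table above is filled in by hand from Knoppix. The following added example (not part of the original page) builds the same inventory automatically from the standard Linux sysfs layout (/sys/class/net/<dev>/device/{driver,irq} and /sys/class/net/<dev>/address), which is what a Knoppix live boot exposes, and pings out of one card at a time so each card is proven individually. The driver names 3c59x and 8139too are the real Linux drivers for the 3c905 and RTL8139 cards; the MAC addresses in sample_inventory() are constructed sample values following the prefixes in the table, and the BSD device name column is left to be filled in after booting pfSense.

```python
from pathlib import Path
import subprocess
import tempfile


def nic_row(ifdir: Path) -> dict:
    """Inventory one interface directory (e.g. /sys/class/net/eth0)."""
    device = ifdir / "device"
    driver_link = device / "driver"
    # the driver entry is a symlink into /sys/bus/pci/drivers/<name>
    driver = driver_link.resolve().name if driver_link.is_symlink() else "?"
    irq_file = device / "irq"
    irq = irq_file.read_text().strip() if irq_file.is_file() else "?"
    addr_file = ifdir / "address"
    mac = addr_file.read_text().strip() if addr_file.is_file() else "?"
    return {"dev": ifdir.name, "driver": driver, "irq": irq, "mac": mac}


def inventory(root: Path = Path("/sys/class/net")) -> list:
    """All physical NICs under root; lo and virtual interfaces have no 'device'."""
    rows = []
    for ifdir in sorted(root.iterdir()):
        if (ifdir / "device").exists():
            rows.append(nic_row(ifdir))
    return rows


def as_table(rows: list) -> str:
    """Render the rows as the pipe table used on this page (BSD name left open)."""
    lines = ["Linux-Dev-Name | Driver | IRQ | MAC | BSD-Dev-Name",
             "---|---|---|---|---"]
    for r in rows:
        lines.append(f"{r['dev']} | {r['driver']} | {r['irq']} | {r['mac']} | "
                     f"(fill in after booting pfSense)")
    return "\n".join(lines)


def ping_ok(address: str, interface: str) -> bool:
    """One ping bound to a given card (-I), so a reply proves that card works."""
    result = subprocess.run(["ping", "-c", "1", "-W", "2", "-I", interface, address],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def sample_inventory() -> list:
    """Constructed sysfs-like tree (sample data, not a real machine) so the
    functions can be exercised without the hardware."""
    root = Path(tempfile.mkdtemp())
    drivers = root / "drivers"
    cards = [("eth0", "3c59x", "5", "00:60:08:00:00:01"),    # 3c905-TX
             ("eth1", "3c59x", "11", "00:04:76:00:00:02"),   # 3c905-TX-M
             ("eth2", "3c59x", "5", "00:01:02:00:00:03"),    # 3c905-TX-M
             ("eth3", "8139too", "5", "00:30:84:00:00:04")]  # RTL8139c
    for dev, drv, irq, mac in cards:
        (drivers / drv).mkdir(parents=True, exist_ok=True)
        devdir = root / dev / "device"
        devdir.mkdir(parents=True)
        (devdir / "driver").symlink_to(drivers / drv)
        (devdir / "irq").write_text(irq + "\n")
        (root / dev / "address").write_text(mac + "\n")
    (root / "lo").mkdir()  # loopback has no 'device' entry and must be skipped
    return inventory(root)


if __name__ == "__main__":
    print(as_table(inventory()))
```

Run it as root on the live system before installing pfSense; the IRQ column lets you match each row to the card's physical slot order noted during assembly.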
Installation
- First boot pfSense with defaults from the CD
- At the corresponding prompt choose the install option (I)
- Ignore any fdisk error messages about sectors being too large etc. by choosing skip
- Reboot as requested, remove the CD

Configuration

UMTS Router Vodafone      UMTS Router O2        ADSL (slow)
192.168.30.1              192.168.20.1          192.168.10.1
255.255.255.0             255.255.255.0         255.255.255.0
        |                       |                   |
192.168.30.10             192.168.20.10         192.168.10.10
        |                       |                   |
        -------------------- pfSense Box --------------------
                                |
                               LAN
                          192.168.0.1
                          255.255.255.0
                          DHCP Y (192.168.0.100 - ....200)
pfSense console setup
- LAN IP Address: 192.168.0.1 / 255.255.255.0
- DHCP y
- DHCP start address 192.168.0.100
- DHCP end address 192.168.0.10
Setting up routers
...
Using the pfSense Wizard
- Go to http://192.168.0.1 (LAN IP)
- Select System - Setup Wizard from the menu
General parameters screen
- hostname
- domain
- Primary DNS server
- Secondary DNS server
- Allow DNS server list to be overridden by DHCP/PPP on WAN
Note: it is important to use one DNS server from each ISP (or a public DNS service), or you will lose internet access when one or the other connection fails.
- time server DNS name
- Timezone
WAN configuration
- Selected type
- IP address
- Gateway
password and reboot
OPT1, OPT2, ... OPTn interfaces
(Screenshots: Optional 1 (WAN2), Optional 2 (WAN3) and Optional n (WANn) set up for a MultiWAN configuration.)
From the pfSense menu select Interfaces - OPT1 and set up as follows:
- enable Optional 1 interface: checked
- Type: Static - assumes you are not using an address assigned by your ISP
- Bridge with: None
- IP address
- Gateway
Checking interfaces
(Screenshot: Interfaces set up for a MultiWAN configuration.)
From the pfSense menu select Interfaces - Assign and you should get a screen like the one on the right. Note that your hex numbers (the MAC addresses) will be different.
Now, to check that pfSense can see your modem routers, use Diagnostics - Ping. With WAN 1 selected, enter the IP address of your modem / router - 192.168.0.254 if you are using the guide values in this document.
If you are using a modem / router without NAT, then first check that the WAN link is up and ping the DNS server address that you recorded earlier.
FTP helper: check also that the FTP helper is only enabled for the LAN interface, that is, it should be disabled on all WAN interfaces.
Setting up Load Balancing pools
Overview
This section shows how the various pools and gateways are related, and how they can be used.
This setup uses 3 pools:
1. One pool for load balanced use when both WANs are working
2. One pool which prefers WAN 1, for use when WAN 2 has failed
3. One pool which prefers WAN 2, for use when WAN 1 has failed
These pools use the 2 gateways that are already established (by the interfaces WAN and WAN 2) to load balance and to support failover when a WAN link fails.
Selecting a monitor IP address
pfSense monitors each WAN connection by pinging the monitor address you specify. If the ping fails, the link is marked down and the appropriate failover configuration is used (actually, if the ping fails it retries a few times to be sure; this avoids false indications of the connection going down).
Note that pfSense automatically adds a route so that traffic to your monitor IP only goes down the link it is monitoring, so don't use a popular web site, as this would force all traffic to that site down 1 link. Better to use a router or server in your ISP's network.
Good addresses to use are your ISP's DNS servers (1 from each ISP). The web interface makes it easy to pick these when setting up the pools later.
Other good monitor addresses are the default gateway your modem has been assigned (if it responds to ping!), your ISP's webmail server, or a router within your ISP's network. You can find one of these by using traceroute to a public service; be careful, though: larger ISPs have networks that adapt dynamically, so a router you see now may not be there an hour later!
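To make the pool and monitor behaviour of the two sections above concrete, here is an added example (a model written for this page, not pfSense's own code). It assumes a link is only marked DOWN after `retries` consecutive failed monitor pings (the page says "a few times"; 3 is an assumed value), that the balanced pool hands out gateways round-robin, and it generalizes the three pools to more than two WANs by balancing over whichever links are still up. It also checks that no two links share a monitor IP: since the monitor IP is routed only via its own link, one address cannot monitor two links. The monitor IPs in demo() are constructed placeholders; in practice use your ISPs' DNS servers as described above.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class WanLink:
    name: str         # WAN, WAN 2, ...
    gateway: str      # the modem/router address on that link
    monitor_ip: str   # address pinged to decide whether the link is up
    retries: int = 3  # consecutive failed pings before marking DOWN (assumed)
    failures: int = 0
    up: bool = True

    def record_ping(self, success: bool) -> bool:
        """Feed one monitor ping result and return the link's new state."""
        if success:
            self.failures = 0
            self.up = True
        else:
            self.failures += 1
            if self.failures >= self.retries:   # retried enough: really down
                self.up = False
        return self.up


def validate_monitor_ips(links: List[WanLink]) -> List[str]:
    """pfSense routes each monitor IP only via its own link, so one address
    cannot monitor two links: the host route can point only one way."""
    problems = []
    owner = {}
    for link in links:
        if link.monitor_ip in owner:
            problems.append(f"{link.name}: monitor IP {link.monitor_ip} "
                            f"is already used by {owner[link.monitor_ip]}")
        else:
            owner[link.monitor_ip] = link.name
    return problems


def active_pool(links: List[WanLink]) -> Optional[str]:
    """Which of the page's three pools applies: 'balanced' when every link is
    up, 'prefer-<X>' when only X is up, None when nothing is up. With more
    than two WANs the partial case balances over the links still up."""
    up = [link.name for link in links if link.up]
    if not up:
        return None
    if len(up) == len(links):
        return "balanced"
    if len(up) == 1:
        return f"prefer-{up[0]}"
    return "balanced-" + "+".join(up)


def next_gateway(links: List[WanLink], counter: int) -> Optional[str]:
    """Gateway for the counter-th new connection: round-robin over the links
    that are up, so a failed link drops out of the rotation automatically."""
    up = [link for link in links if link.up]
    if not up:
        return None
    return up[counter % len(up)].gateway


def demo() -> List[str]:
    """Walk through an outage and recovery on the page's two-WAN setup;
    the monitor IPs are constructed placeholders."""
    wan1 = WanLink("WAN", "192.168.30.1", "203.0.113.53")
    wan2 = WanLink("WAN 2", "192.168.20.1", "198.51.100.53")
    links = [wan1, wan2]
    trace = [f"start: pool={active_pool(links)}"]
    for i, ok in enumerate([False, False, False, True]):
        wan2.record_ping(ok)
        trace.append(f"ping {i}: WAN 2 up={wan2.up} pool={active_pool(links)} "
                     f"next gw={next_gateway(links, i)}")
    return trace


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running demo() shows the two-failure hysteresis: WAN 2 stays in the balanced pool through the first two failed pings, drops to the prefer-WAN pool on the third, and returns to balanced as soon as one ping succeeds.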
After Wizard general setup
- Go into 'Services' - 'DNS Forwarder' and turn on
- Register DHCP leases in DNS forwarder
- Register DHCP static mappings in DNS forwarder