Version vom 2. Juli 2010, 13:29 Uhr

Inhaltsverzeichnis

1 Ziel
2 externe Anleitung
3 Hardware
4 Vorbereitung / HW-Bastelei
5 Installation
6 Konfiguration

Ziel

Die Idee ist, ein Gerät zu konfigurieren, das

1 LAN mit mehreren WAN verbindet,
load balancing gewährleistet,
fall back Funktionalität bietet.

Fehler beim Erstellen des Vorschaubildes: Die Miniaturansicht konnte nicht am vorgesehenen Ort gespeichert werden

UMTS Router Vodafone   UMTS Router O2  ADSL (slow)
    |                          |            |
    ------------ pfSense Box ---------------
                    |
                   LAN

externe Anleitung

Multi-WAN Version 1.2.x

Hardware

Hardware Architectures

pfSense is supported only on the x86 architecture. The types of devices supported range from standard PCs to a variety of embedded devices. It is targeted at x86-based PCs 300 MHz or faster.

Minimum Hardware Requirements

PII / 128MB

Unsere Hardware

AMD Duron800
512MB DDR400
1x Realtek RTL8139c
1x 3Com 3c905-TX
2x 3Com 3c905-TX-M

Vorbereitung / HW-Bastelei

Zusammenbau
Notieren der Netzwerkkarten in Einbaureihenfolge von oben nach unten
Knoppix booten, Netzwerkkarten testen (ping) Tabelle anlegen

NIC-Name	IRQ/Base	Linux-Dev-Name	BSD-Dev-Name	MAC
3c905-TX	irq5/0xD400	eth0	xl0 (später nach booten von pfSense eingefügt)	00:60:..
3c905-TX-M	irq11/0xAF80	eth1	xl1 (später nach booten von pfSense eingefügt)	00:04:..
3c905-TX-M	irq5/0xFF00	eth2	xl2 (später nach booten von pfSense eingefügt)	00:01:..
RTL8139c	irq5/0x800	eth3	rl0 (später nach booten von pfSense eingefügt)	00:30:..

memtest
aktuelles pfSense "Live CD with Installer" downloaden und auf CD brennen

Installation

erst pfSense default von CD starten
bei entsprechender Frage Optionen installieren (I) wählen
eventuelle Fehlermeldungen von fdisk bzgl. zu großer Sektoren etc. durch skip ignorieren
wie gewünscht neu booten, CD entfernen

Konfiguration

UMTS Router Vodafone   UMTS Router O2  ADSL (slow)
192.168.30.1           192.168.20.1    192.168.10.1 
    |                          |            |
255.255.255.0          255.255.255.0   255.255.255.0
    |                          |            |
192.168.30.10          192.168.20.10   192.168.10.10
    |                          |            |
    ------------ pfSense Box ---------------
                    |
                   LAN
                192.168.0.1
                255.255.255.0
          DHCP Y (192.168.0.100 - ....200)

pfSense console setup

LAN IP Address: 192.168.0.1 / 255.255.255.0
DHCP y
DHCP start address 192.168.0.100
DHCP end address 192.168.0.10

Setting up routers

...

Using the pfSense Wizard

Go to http://192.168.0.1 (LAN IP)
Select System - Setup Wizard from the menu

General parameters screen

hostname
domain
Primary DNS server
Secondary DNS server
Allow DNS server list to be overridden by DHCP/PPP on WAN

Note: it is important to use one from each (or use a public DNS service) or you will loose internet access when one or other connections fails.

time server DNS name
Timezone

WAN configuration

Selected type
IP address
Gateway

password and reboot

OPT1, OPT2.OPTn interface

Optional 1 (WAN2) set up for a MultiWAN configuration
Optional 2 (WAN3) set up for a MultiWAN configuration
Optional n (WANn) set up for a MultiWAN configuration

From the pfSense menu select Interfaces - OPT1 and set up as follows:

enable Optional 1 interface: checked
Type: Static - assumes you are not using an address assigned by your ISP
Bridge with: None
IP address
Gateway

Checking interfaces

Interfaces set up for a MultiWAN configuration

From the pfsense menu select Interfaces - Assign and you should get an screen like the one of the right. Note your hex numbers (The MAC addresses) will be different.
Now to check that pfSense can see your modem routers you use Diagnostics - Ping. With WAN 1 selected, enter the IP address of your modem / router - 192.168.0.254 if you are using the guide values in this document.
If you are using using a modem / router without NAT, the check first that the WAN link is up and ping the DNS server address that you recorded earlier.
FTP helper: Check also that FTP helper is only enabled for the LAN interface. That is it should be disabled on all WAN interfaces

Setting up Load Balancing pools

pools

One pool for load balanced use when both WANS are working
One pool which prefers WAN 1, for use when WAN 2 has failed
One pool which prefers WAN 2, for use when WAN 1 has failed

These pools use the 3 gateways that are already established (by the interfaces WAN and WAN 2) to load balance and support failover when a WAN link fails

@@ Zeile 142: / Zeile 142: @@
 ==Interfaces set up for a MultiWAN configuration==
-From the pfsense menu select Interfaces - Assign and you should get an screen like the one of the right. Note your hex numbers (The MAC addresses) will be different.
+*From the pfsense menu select Interfaces - Assign and you should get an screen like the one of the right. Note your hex numbers (The MAC addresses) will be different.
+*Now to check that pfSense can see your modem routers you use Diagnostics - Ping. With WAN 1 selected, enter the IP address of your modem / router - 192.168.0.254 if you are using the guide values in this document.
+*If you are using using a modem / router without NAT, the check first that the WAN link is up and ping the DNS server address that you recorded earlier.
+*FTP helper: Check also that FTP helper is only enabled for the LAN interface. That is it should be disabled on all WAN interfaces
-Now to check that pfSense can see your modem routers you use Diagnostics - Ping. With WAN 1 selected, enter the IP address of your modem / router - 192.168.0.254 if you are using the guide values in this document.
+==Setting up Load Balancing pools==
-If you are using using a modem / router without NAT, the check first that the WAN link is up and ping the DNS server address that you recorded earlier.
+* pools
+#One pool for load balanced use when both WANS are working
+#One pool which prefers WAN 1, for use when WAN 2 has failed
+#One pool which prefers WAN 2, for use when WAN 1 has failed
-FTP helper: Check also that FTP helper is only enabled for the LAN interface. That is it should be disabled on all WAN interfaces
+*These pools use the 3 gateways that are already established (by the interfaces WAN and WAN 2) to load balance and support failover when a WAN link fails
-Setting up Load Balancing pools
-Overview
-how the various Pools and gateways are related, and how they can be used
-This setup uses 3 pools
-. One pool for load balanced use when both WANS are working
-. One pool which prefers WAN 1, for use when WAN 2 has failed
-. One pool which prefers WAN 2, for use when WAN 1 has failed
-These pools use the 2 gateways that are already established (by the interfaces WAN and WAN 2) to load balance and support failover when a WAN link fails
-Selecting a Monitor IP address
-pfSense monitors each WAN connection by pinging the monitor address you specify. If the ping fails, the link is marked down and the appropriate failover configuration is used (actually if the ping fails it retries a few times to be sure, this avoids false indications of the connection going down).
-Note that pfSense automatically sets up to route traffic to your monitor IP only down the link it is monitoring, so don't use a popular web site as this will force all its traffic down 1 link. Better to use a router or server in your ISP's network.
-Good addresses to use your ISP's DNS server (1 from each ISP). The web interface makes it easy to pick these when setting up the pools later.
-Other good monitor addresses are the default gateway your modem has assigned (if it responds to ping!), your ISP's webmail server, or a router within your ISP's network - you can find one of these by using traceroute to a public service, be careful though, larger ISPs will have networks that dynamically adapt so a router you see now may not be there an hour later!
-After Wizard general setup
-* Go into 'Services' - 'DNS Forwarder', turn on
-**Register DHCP leases in DNS forwarder
-**Register DHCP static mappings in DNS forwarde

PfSense als load balancer (Multi-WAN Version 1.2.x)