pfSense as a load balancer (Multi-WAN Version 1.2.x)

From ConfigWiki

Goal

The idea is to configure a device that

  • connects 1 LAN to several WANs,
  • provides load balancing,
  • offers fallback functionality.

UMTS Router Vodafone   UMTS Router O2  ADSL (slow)
    |                          |            |
    ------------ pfSense Box ---------------
                    |
                   LAN

External guide

Multi-WAN Version 1.2.x

Hardware

Hardware Architectures

pfSense is supported only on the x86 architecture. The types of devices supported range from standard PCs to a variety of embedded devices. It is targeted at x86-based PCs 300 MHz or faster.

Minimum Hardware Requirements

PII / 128MB

Our hardware

  • AMD Duron800
  • 512MB DDR400
  • 1x Realtek RTL8139c
  • 1x 3Com 3c905-TX
  • 2x 3Com 3c905-TX-M

Preparation / hardware tinkering

  • Assemble the machine
  • Note down the network cards in the order they are installed, from top to bottom
  • Boot Knoppix, test the network cards (ping) and draw up a table:

    NIC-Name    IRQ/Base      Linux-Dev-Name  BSD-Dev-Name                              MAC
    3c905-TX    irq5/0xD400   eth0            xl0 (added later, after booting pfSense)  00:60:..
    3c905-TX-M  irq11/0xAF80  eth1            xl1 (added later, after booting pfSense)  00:04:..
    3c905-TX-M  irq5/0xFF00   eth2            xl2 (added later, after booting pfSense)  00:01:..
    RTL8139c    irq5/0x800    eth3            rl0 (added later, after booting pfSense)  00:30:..

  • Run memtest
  • Download the current pfSense "Live CD with Installer" and burn it to CD

Installation

  • First boot pfSense from the CD with the default option
  • When prompted for options, choose install (I)
  • Ignore any fdisk error messages about sectors being too large etc. by choosing skip
  • Reboot as requested and remove the CD

Configuration

UMTS Router Vodafone   UMTS Router O2  ADSL (slow)
192.168.30.1           192.168.20.1    192.168.10.1 
    |                          |            |
255.255.255.0          255.255.255.0   255.255.255.0
    |                          |            |
192.168.30.10          192.168.20.10   192.168.10.10
    |                          |            |
    ------------ pfSense Box ---------------
                    |
                   LAN
                192.168.0.1
                255.255.255.0
          DHCP Y (192.168.0.100 - ....200)

pfSense console setup

  • LAN IP Address: 192.168.0.1 / 255.255.255.0
  • DHCP y
  • DHCP start address 192.168.0.100
  • DHCP end address 192.168.0.10

Setting up routers

...

Using the pfSense Wizard

General parameters screen

  • hostname
  • domain
  • Primary DNS server
  • Secondary DNS server
  • Allow DNS server list to be overridden by DHCP/PPP on WAN

Note: it is important to use one DNS server from each ISP (or use a public DNS service), or you will lose internet access when one or other of the connections fails.

  • time server DNS name
  • Timezone

WAN configuration

  • Selected type
  • IP address
  • Gateway

password and reboot

OPT1, OPT2 ... OPTn interfaces

  • Optional 1 (WAN2) set up for a MultiWAN configuration
  • Optional 2 (WAN3) set up for a MultiWAN configuration
  • Optional n (WANn) set up for a MultiWAN configuration

From the pfSense menu select Interfaces - OPT1 and set up as follows:

  • enable Optional 1 interface: checked
  • Type: Static - assumes you are not using an address assigned by your ISP
  • Bridge with: None
  • IP address
  • Gateway

Checking interfaces

Interfaces set up for a MultiWAN configuration

From the pfSense menu select Interfaces - Assign and you should get a screen like the one on the right. Note that your hex numbers (the MAC addresses) will be different.

Now, to check that pfSense can see your modem routers, use Diagnostics - Ping. With WAN 1 selected, enter the IP address of your modem / router - 192.168.0.254 if you are using the guide values in this document.

If you are using a modem / router without NAT, then first check that the WAN link is up and ping the DNS server address that you recorded earlier.

FTP helper: Also check that the FTP helper is enabled only for the LAN interface. That is, it should be disabled on all WAN interfaces.


Setting up Load Balancing pools

Overview of how the various pools and gateways are related, and how they can be used

This setup uses 3 pools

  1. One pool for load balanced use when both WANs are working
  2. One pool which prefers WAN 1, for use when WAN 2 has failed
  3. One pool which prefers WAN 2, for use when WAN 1 has failed 

These pools use the 2 gateways that are already established (by the interfaces WAN and WAN 2) to load balance and to support failover when a WAN link fails.

Selecting a Monitor IP address

pfSense monitors each WAN connection by pinging the monitor address you specify. If the ping fails, the link is marked down and the appropriate failover configuration is used. (In practice a failed ping is retried a few times first, which avoids false indications of the connection going down.)

Note that pfSense automatically routes traffic to your monitor IP only down the link it is monitoring, so don't use a popular web site, as this will force all its traffic down one link. It is better to use a router or server in your ISP's network.

Good addresses to use are your ISPs' DNS servers (1 from each ISP). The web interface makes it easy to pick these when setting up the pools later.

Other good monitor addresses are the default gateway your modem has been assigned (if it responds to ping!), your ISP's webmail server, or a router within your ISP's network. You can find one of these by using traceroute to a public service. Be careful though: larger ISPs have networks that adapt dynamically, so a router you see now may not be there an hour later!
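The following is an added example, not part of the original guide and not pfSense's own code: a small model of how the three pools react to monitor-IP probe results, including the retry before a link is marked down. The retry count, the pool names, the monitor addresses (documentation ranges) and the make_probe stand-in for ping are assumptions; the gateway addresses are the ones from the diagram above.

```python
from dataclasses import dataclass

RETRIES = 3  # assumption: the guide only says a failed ping is retried "a few times"

@dataclass(frozen=True)
class Wan:
    name: str
    gateway: str     # modem/router address on that WAN segment
    monitor_ip: str  # address pinged to decide whether the link is up

# Gateways are the page's values; monitor IPs are constructed sample values.
WAN1 = Wan("WAN", "192.168.30.1", "192.0.2.53")
WAN2 = Wan("OPT1", "192.168.20.1", "198.51.100.53")

# The three pools from the page (names are hypothetical):
# behaviour plus members in order of preference.
POOLS = {
    "LoadBalance": ("balance", [WAN1, WAN2]),
    "PreferWAN1": ("failover", [WAN1, WAN2]),
    "PreferWAN2": ("failover", [WAN2, WAN1]),
}

def duplicate_monitors(wans):
    """Monitor IPs shared by several WANs. Each monitor IP is routed down one
    link only, so a shared address cannot tell the links apart."""
    seen, dupes = set(), set()
    for w in wans:
        (dupes if w.monitor_ip in seen else seen).add(w.monitor_ip)
    return sorted(dupes)

def link_is_up(wan, probe, retries=RETRIES):
    """A link is marked down only when every retry to its monitor IP fails."""
    return any(probe(wan.monitor_ip) for _ in range(retries))

def active_gateways(pool_name, probe):
    """Gateways that carry a pool's traffic for the current probe results."""
    kind, members = POOLS[pool_name]
    alive = [w.gateway for w in members if link_is_up(w, probe)]
    return alive if kind == "balance" else alive[:1]

def make_probe(replies):
    """Constructed stand-in for ping: replies maps a monitor IP to a list of
    True/False results used one per call; anything else gets a reply."""
    def probe(ip):
        queue = replies.get(ip, [])
        return queue.pop(0) if queue else True
    return probe
```

Running duplicate_monitors over the planned WAN list before entering the pools in the web interface catches the case where the same DNS server was picked as monitor for two links.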


After Wizard general setup

  • Go into 'Services' - 'DNS Forwarder' and turn on:
    • Register DHCP leases in DNS forwarder
    • Register DHCP static mappings in DNS forwarder