pfSense as a load balancer (Multi-WAN Version 1.2.x)

From ConfigWiki

Goal

The idea is to configure a device that

  • connects 1 LAN to several WANs,
  • provides load balancing,
  • offers fallback functionality.


UMTS Router Vodafone   UMTS Router O2  ADSL (slow)
    |                          |            |
    ------------ pfSense Box ---------------
                    |
                   LAN

External guide

Multi-WAN Version 1.2.x

Hardware

Hardware Architectures

pfSense is supported only on the x86 architecture. The types of devices supported range from standard PCs to a variety of embedded devices. It is targeted at x86-based PCs 300 MHz or faster.

Minimum Hardware Requirements

PII / 128MB

Our hardware

  • AMD Duron800
  • 512MB DDR400
  • 1x Realtek RTL8139c
  • 1x 3Com 3c905-TX
  • 2x 3Com 3c905-TX-M

Preparation / hardware tinkering

  • Assemble the machine
  • Note down the network cards in the order they are installed, from top to bottom
  • Boot Knoppix, test the network cards (ping) and create a table:

NIC name     IRQ/Base       Linux dev name   BSD dev name                               MAC
3c905-TX     irq5/0xD400    eth0             xl0 (added later, after booting pfSense)   00:60:..
3c905-TX-M   irq11/0xAF80   eth1             xl1 (added later, after booting pfSense)   00:04:..
3c905-TX-M   irq5/0xFF00    eth2             xl2 (added later, after booting pfSense)   00:01:..
RTL8139c     irq5/0x800     eth3             rl0 (added later, after booting pfSense)   00:30:..

  • memtest
  • Download the current pfSense "Live CD with Installer" and burn it to CD

Installation

  • First boot pfSense from CD with the default option
  • When asked, choose the install option (I)
  • Ignore any fdisk error messages about oversized sectors etc. by choosing skip
  • Reboot as requested and remove the CD

Configuration

UMTS Router Vodafone   UMTS Router O2  ADSL (slow)
192.168.30.1           192.168.20.1    192.168.10.1 
    |                          |            |
255.255.255.0          255.255.255.0   255.255.255.0
    |                          |            |
192.168.30.10          192.168.20.10   192.168.10.10
    |                          |            |
    ------------ pfSense Box ---------------
                    |
                   LAN
                192.168.0.1
                255.255.255.0
          DHCP Y (192.168.0.100 - ....200)

pfSense console setup

  • LAN IP Address: 192.168.0.1 / 255.255.255.0
  • DHCP y
  • DHCP start address 192.168.0.100
  • DHCP end address 192.168.0.10

Setting up routers

...

Using the pfSense Wizard

General parameters screen

  • hostname
  • domain
  • Primary DNS server
  • Secondary DNS server
  • Allow DNS server list to be overridden by DHCP/PPP on WAN

Note: it is important to use one from each connection (or use a public DNS service), or you will lose internet access when one or the other connection fails.

  • time server DNS name
  • Timezone

WAN configuration

  • Selected type
  • IP address
  • Gateway

password and reboot

OPT1, OPT2 ... OPTn interfaces

  • Optional 1 (WAN2) set up for a MultiWAN configuration
  • Optional 2 (WAN3) set up for a MultiWAN configuration
  • Optional n (WANn) set up for a MultiWAN configuration

From the pfSense menu select Interfaces - OPT1 and set up as follows:

  • enable Optional 1 interface: checked
  • Type: Static - assumes you are not using an address assigned by your ISP
  • Bridge with: None
  • IP address
  • Gateway
  • Checking interfaces

Interfaces set up for a MultiWAN configuration

  • From the pfSense menu select Interfaces - Assign and you should get a screen like the one on the right. Note that your hex numbers (the MAC addresses) will be different.
  • To check that pfSense can see your modem / routers, use Diagnostics - Ping. With WAN 1 selected, enter the IP address of your modem / router - 192.168.0.254 if you are using the guide values in this document.
  • If you are using a modem / router without NAT, then first check that the WAN link is up and ping the DNS server address that you recorded earlier.
  • FTP helper: Check also that the FTP helper is only enabled for the LAN interface. That is, it should be disabled on all WAN interfaces.

Setting up Load Balancing pools

  • pools
  1. One pool for load balanced use when both WANs are working
  2. One pool which prefers WAN 1, for use when WAN 2 has failed
  3. One pool which prefers WAN 2, for use when WAN 1 has failed
  • These pools use the 3 gateways that are already established (by the interfaces WAN and WAN 2) to load balance and support failover when a WAN link fails
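
Added example, not part of the original page and not pfSense code: a small Python model of the three pools listed above and of the DNS note in the wizard section. It fails each WAN in turn and reports what LAN clients would lose. The pool names, the WAN labels, the resolver addresses and the rule that each resolver is routed over exactly one WAN are assumptions made for this illustration.

```python
# Added example: a simplified model of the three pools and the DNS note.
# Pool names, WAN labels and resolver addresses are constructed for illustration.

POOLS = {
    "LoadBalance": ("balance", ["WAN1", "WAN2"]),   # pool 1: both WANs working
    "PreferWAN1": ("failover", ["WAN1", "WAN2"]),   # pool 2: WAN 1 first
    "PreferWAN2": ("failover", ["WAN2", "WAN1"]),   # pool 3: WAN 2 first
}


def active_gateways(pool, up):
    """Return the pool members that carry traffic, given the set of WANs that are up."""
    behaviour, members = POOLS[pool]
    alive = [m for m in members if m in up]
    if behaviour == "balance":
        return alive       # assumed: connections are spread over every live member
    return alive[:1]       # assumed: failover uses only the first live member


def reachable_dns(dns_via, up):
    """dns_via maps resolver IP -> the WAN it is routed over (assumed: one route each)."""
    return sorted(ip for ip, wan in dns_via.items() if wan in up)


def audit(dns_via, wans=("WAN1", "WAN2")):
    """Fail each WAN in turn and list what stops working for LAN clients."""
    problems = []
    for failed in wans:
        up = set(wans) - {failed}
        for pool in POOLS:
            if not active_gateways(pool, up):
                problems.append(f"{failed} down: pool {pool} has no gateway")
        if not reachable_dns(dns_via, up):
            problems.append(f"{failed} down: no DNS server reachable")
    return problems


if __name__ == "__main__":
    # Constructed resolver addresses (documentation ranges), one per WAN.
    one_per_wan = {"198.51.100.53": "WAN1", "203.0.113.53": "WAN2"}
    # Both resolvers sit behind WAN1: the case the DNS note warns about.
    same_wan = {"198.51.100.53": "WAN1", "198.51.100.54": "WAN1"}
    print("one resolver per WAN:", audit(one_per_wan))
    print("both resolvers on WAN1:", audit(same_wan))
```
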