Hi Chuck, I'll try these suggestions this weekend. I let you know the results.
Thanks, Alex 2009/3/26 Chuck Mariotti <cmario...@xunity.com> > Alex, as I said before, I am not an expert on this and I’m not one to > look at XML config files. I am not completely convinced I have this working > 100%... but I’ll try to contribute. > > > > <dnsallowoverride/> is something I disabled on my config, so that the DNS > entries I specified are not taken over by the DHCP on WAN. Try to write down > some test IP addresses that are public that you can PING so that you try to > see if your connections/failover are working WITHOUT letting DNS get it the > way. I found DNS got in the way of trying to get things working first on an > IP level. > > > > The RULES you specify need to be in a certain order, refer back to your > install document, it should say something about the order the rules are to > appear in the chart (top down). Here are my RULES from my config: > > - <filter> > > - <rule> > > <type>pass</type> > > <interface>lan</interface> > > <max-src-nodes /> > > <max-src-states /> > > <statetimeout /> > > <statetype>keep state</statetype> > > <os /> > > - <source> > > <network>lan</network> > > </source> > > - <destination> > > <address>192.168.1.0/24</address> > > </destination> > > <log /> > > <descr>Make sure that DMZ1 traffic goes to the right interf</descr> > > </rule> > > - <rule> > > <type>pass</type> > > <interface>lan</interface> > > <max-src-nodes /> > > <max-src-states /> > > <statetimeout /> > > <statetype>keep state</statetype> > > <os /> > > - <source> > > <network>lan</network> > > </source> > > - <destination> > > <network>opt1</network> > > </destination> > > <descr>Make sure DMZ2 traffic goes to WAN2</descr> > > <gateway>opt1</gateway> > > </rule> > > - <rule> > > <type>pass</type> > > <interface>lan</interface> > > <max-src-nodes /> > > <max-src-states /> > > <statetimeout /> > > <statetype>keep state</statetype> > > <os /> > > - <source> > > <network>lan</network> > > </source> > > - <destination> > > <any /> > > </destination> > > <descr>Default LAN -> any via LoadBlanced WAN</descr> > > <gateway>LoadBalance</gateway> > > </rule> > > - <rule> > > <type>pass</type> > > <interface>pptp</interface> > > <max-src-nodes /> > > <max-src-states /> > > <statetimeout /> > > <statetype>keep state</statetype> > > <os /> > > - <source> > > <any /> > > </source> > > - <destination> > > <network>lan</network> > > </destination> > > <descr /> > > </rule> > > </filter> > > > > > > HERE IS MY LOAD BALANCE STATEMENT – It appears that you do not have a > monitorIP entry for each. I think it uses these to ping the monitor IP > addresses to verify that the WAN / WAN2 links are up and running. If not, it > fails over. In other words, if there is no response, it assumes the WAN link > is down. > > > > - <load_balancer> > > - <lbpool> > > <type>gateway</type> > > <behaviour>failover</behaviour> > > <monitorip>67.69.184.7</monitorip> > > <name>LoadBalance</name> > > <desc>Round robin load balancing</desc> > > <port /> > > <servers>wan|67.69.184.199</servers> > > <servers>opt1|67.69.184.7</servers> > > <monitor /> > > </lbpool> > > - <lbpool> > > <type>gateway</type> > > <behaviour>failover</behaviour> > > <monitorip /> > > <name>WANFailsToWAN2</name> > > <desc>WAN2 preferred when WAN fails</desc> > > <port /> > > <servers>opt1|67.69.184.7</servers> > > <servers>wan|67.69.184.199</servers> > > <monitor /> > > </lbpool> > > - <lbpool> > > <type>gateway</type> > > <behaviour>failover</behaviour> > > <monitorip>67.69.184.7</monitorip> > > <name>WAN2FailsToWAN</name> > > <desc>WAN preferred when WAN2 fails</desc> > > <port /> > > <servers>wan|67.69.184.199</servers> > > <servers>opt1|67.69.184.7</servers> > > <monitor /> > > </lbpool> > > </load_balancer> > > > > Are you able to get RED/GREEN/YELLOW entries when viewing Loadbalancing > under the Status menu? It should look something like this: > > *Name* > > *Type* > > *Gateways* > > *Status* > > *Description* > > LoadBalance > > gateway > (failover) > > wan > > opt1 > > Offline > > Last change Mar 25 2009 19:21:53 > > Online > > Last change Mar 25 2009 19:21:53 > > Round robin load balancing > > WANFailsToWAN2 > > gateway > (failover) > > opt1 > > wan > > Online > > Last change Mar 25 2009 19:21:53 > > Offline > > Last change Mar 25 2009 19:21:53 > > WAN2 preferred when WAN fails > > WAN2FailsToWAN > > gateway > (failover) > > wan > > opt1 > > Offline > > Last change Mar 25 2009 19:21:53 > > Online > > Last change Mar 25 2009 19:21:53 > > WAN preferred when WAN2 fails > > > > In this case, my MAIN WAN link is down (unplugged in fact). > > > > Let me know how it goes for you. > > > Regards, > > Chuck > > > > > > *From:* Alexsander Loula [mailto:alex.lo...@gmail.com] > *Sent:* Wednesday, March 25, 2009 10:08 PM > *To:* support@pfsense.com > *Subject:* Re: [pfSense Support] Multi-WAN with Fail Over > > > > This is my config: > > 2009/3/25 Chris Buechler <c...@pfsense.org> > > On Wed, Mar 25, 2009 at 4:15 PM, Alexsander Loula <alex.lo...@gmail.com> > wrote: > > > > Could you please share your XML config? > > > > The boxes don't belong to me, they're those of various support > customers, so no I can't. If you post yours maybe someone will tell > you what's wrong. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > >
