In this tutorial I will be show you how to configure a WAN Load Balancing and Failover server using PFsense 2.xx
My Network Diagram:
Requirements: PFsense v2 with 4 network adapter, 2 Internet Connection
1. Load Balacing Configuration
Configuring the network Interfaces. Go to Interfaces> click WAN and change the WAN name to WAN1, then set the IP address to 172.16.1.1/24
Make sure you set a gateway on this interface
To add a gateway on WAN1, below on IP Address there is a small
“add new one” click on it, and set your gateway to 172.16.1.254 which is the IP address of your Modem1
Do the same thing to WAN2
Set the IP Address to 172.16.10.1/24
Gateway 172.16.10.254
For LAN, set the IP address to 192.168.1.1/24 and note: in this case do not set any gateway
Make sure to un-check the “block private networks” and “block bogon networks”
For Wireless Interface
Set IP Address to 192.168.10.1
Also no gateway on this interface
Now we need to add two different DNS server, one pointing to WAN1 and the other one to WAN2, in our example below we use googleDNS for WAN1 and openDNS to WAN2
Go to System > General Setup
Next we need to edit the monitor IP address for each gateway
Go to System > Routing
On WAN1 set the Monitor IP to googleDNS – 8.8.8.8
On WAN2 set the Monitor IP to openDNS – 208.67.222.222
Monitor IP is the “always up” server from the internet that allow to response ICMP packet
Next we need to create a group for each connection
Go to System > Routing > Groups
Click the (+) button, set the group name to “LoadBalance”
Also set the gateway priority to same tier, just select “Tier1” to each gateway, on Trigger Level set to “Packet Loss or High Latency” and you can set the description anything you want. Press Save to save our configuration.
Next we need to create another group call “Failover1” if WAN1 fail then it will go automatically to WAN2
Set the group name to “Failover1” also set the gateway priority to different tier, select “Tier1” for gateway1, and “Tier2” for gateway2, on Trigger Level set to “Packet Loss” and again you can set the description anything you want. Press Save to save our configuration.
Again, we need to create another group call “Failover2” in this case if WAN2 fail then it will go automatically to WAN1
Set the group name to “Failover2” also set the gateway priority to different tier, select “Tier2” for gateway1, and “Tier1” for gateway2, on Trigger Level set to “Packet Loss” and again you can set the description anything you want. Press Save to save our configuration.
The configuration should look like this
To make all this configuration work, we need to apply it to our firewall rule
Go to Firewall > Rules
Select LAN tab, click on (+) button to add a new rule
Set Protocol to – Any
Source to – LAN Subnet
Description to – Anything you want
Leave the other settings to default
And in the “Advance features” set the Gateway to – LoadBalance, that is the group we just created
Just click Save to save the configuration
Next we need to create another rule for “Failover1” and “Failover2”
“Failover1”
“Failover2”
Now it’s done, to test the failover unplug your modem1 it should automatically redirect to your second connection.
Note:
Below Rules are optional if you want to add WiFi router separately with separate ip and subnet.
On Wireless rule we do the same configuration, just go to “Wireless” Tab
Wireless LoadBalance Rule
Wireless Failover1 Rule
Wireless Failover2 Rule repeat same step as failover2 in gateway.
Now we will configure the DHCP server for LAN and Wireless adapter
Go to Services > DHCP server
Click on “LAN” Tab
Set the IP range from 192.168.1.101 to 192.168.1.130 this range allow 30 dhcp users in LAN network
DHCP range for LAN
Do the same thing on the “Wireless” Tab
DHCP range for Wireless
We also need to configure the DHCP forwarder.
Go to Services > DHCP forwarder
Note: You need to disable DHCP server on your wireless access point in order to user our DHCP
No comments:
Post a Comment