pfSense Load Balancing: Part Two

In part one on my series on pfSense load balancing, we configured the two WAN gateways. In part two of this series on pfSense load balancing, we will set up a load balanced gateway group.

pfSense Load Balancing: Configuring Interfaces for MultiWAN

pfSense Load Balancing

Configuring the WAN interface.

First, we must configure the interfaces. Navigate to Interfaces -> WAN. and click on “Enable Interface” if it is not already checked. At “Type“, change the interface type to “Static“. At “Static IP Configuration“, type in an IP address (in this case, 192.168.3.12). Select “24” in the drop-down box next to the IP address edit box, to indicate the proper network prefix. This is important, because if the network prefix is not set, we will not be able to enter a monitor IP address later on. At “Gateway“, specify the WAN gateway (192.168.3.11). Set Leave “Block private networks” and “Block bogon networks” checked. Press the “Save” button to save the changes and on the next page press “Apply changes” if necessary.


Now the OPT1 interface must be configured. Navigate to Interfaces -> OPT1 and click on “Enable Interface”. At “Type“, change the interface type to “Static“. At “Static IP Configuration”, type in an IP address (in this case, 192.168.3.2). Again, select “24” in the drop-down box to indicate the network prefix. At “Gateway“, specify the WAN gateway (192.168.3.1).Again, leave “Block private networks” and “Block bogon networks” checked. Press the “Save” button to save the changes and on the next page press “Apply changes” if necessary.

pfSense Load Balancing: Creating the Gateway Group

pfSense Load Balancing

Adding a gateway group in pfSense 2.0.

Now that both interfaces are configured, we can create the gateway group. Navigate to System -> Routing and click on the “Groups” tab. At “Group Name”, enter a name (e.g., “MultiWAN”). At “Gateway Priority“, set both WAN and WAN2 to “Tier 1”. Leave the “Trigger Level” at “Member Down”, and at “Description“, enter a description (e.g., “WAN gateway group”).Press the “Save” button to save the changes and on the next page press “Apply changes” if necessary.


Before we go any further, we may want to enter a Monitor IP. Click on the “Gateways” tab at System -> Routing and click on the “edit” button for WAN. At “Monitor IP“, enter an alternative monitor IP or domain name (I opted for Google, so I entered Google’s IP, 173.194.43.33). Once this is done, click the “Save” button to save changes. Repeat this procedure for the WAN2 interface (it would be prudent to choose a different monitor IP, so that a failure of the host selected for the monitor IP does not result in pfSense thinking both gateways are down). Once you have pressed the “Save” button on the WAN2 configuration page, press “Apply Changes” on the next page if necessary.

pfSense Load Balancing: Adding a Firewall Rule

Now all that is left to do is to configure a firewall rule. Navigate to Firewall -> Rules and click the “plus” button to create a new firewall rule. At “Action“, select “pass” in the drop-down box. At “Interface“, be sure to select the LAN interface. At “Protocol“, set the protocol to “any”. At “Source“, set the source to “any”, and at “Destination”, set the destination to any. At “Description“, add a description. Scroll down to “Advanced¬†features” and press the “Advanced” button next to “Gateway“. Select “MultiWAN” as the gateway. Then press “Save” to save the changes and on the next page, press “Apply Changes” if necessary.

Now, all traffic from our LAN will go through the gateway group. Since the gateway group consists of two WAN gateways on the same level of priority, traffic will alternate back and forth in round-robin fashion. Also, because each gateway within the group is monitoring an external IP address, pfSense will know when a gateway is down and exclude that member from the group.

Other Articles in This Series:

pfSense Load Balancing: Part One

pfSense Load Balancing: Part Three (Web Server Failover)

External Links:

Configure Load Balancing on Your Site Using the pfSense Firewall

Be Sociable, Share!

Speak Your Mind

*

© 2013 David Zientara. All rights reserved. Privacy Policy