pfsense is a FreeBSD router OS that can be installed on embedded systems or PC/Server PC hardware. Its a free, open source customized distro based off of FreeBSD 7 specifically tailored for use as a firewall and router. Its one of the most secure router OS’s out there. Large corporation and universities use this router OS because of the stability, failover, and stacking capabilities. If you have heard of M0n0wall or IPCop then you should have an idea what pfsense is.
For my use I used the same exact hardware that I used to build the IPCop router that I reported on 3 posts ago.
List of Features
And More. For a full listing see the complete features site
I will show you how to enable Load Balancing with Dual WAN on your pfsense router. Some may ask why would you need Dual WAN. Failover, incase you have mission critical data that needs to be accessed at all times like off site backup and for load balancing. Load balancing will balance the load (or bandwidth use) between your Internet links. Many companies do this to decrease latency and to get more bandwidth for many users while saving money.
I will assume you have pfsense loaded and you have already setup two WAN connections on your firewall.
- Once this is complete visit services -> load balancer
- Delete any pools that are there that do not work
- Click to enter a new pool.
- Enter a pool name and description
- Set the type to gateway
Now we need to add a monitor IP for the router to monitor the link status of the pool.
- For the Monitor IP select WAN Gateway
- In the Interface Name field choose WAN and click Add to Pool
- Now Go back to Monitor IP and Select your OPT1’s Gateway
- In the Interface Name Field choose OPT1 and click Add to Pool
You should see that the WAN gateway has a different gateway address then the OPT1 gateway. If not then pfsense will not work correctly. You will have to put a bridge between that interface to ensure pfsense has two different gateways. If you have trouble with this please contact me. Basically pfsense does not support the same gateway on multiple networks right now.
- Click Save
Now go to Status -> Load Balancer to see if everything is working fine. It should report Online.
If you followed my directions and it does not show online after 15 minutes then that gateway may not respond to ICMP traffic. For your monitor IP use 22.214.171.124 which is an any cast DNS Server.
We must create NAT rules now.
- Go to Firewall -> Nat -> Outbound
- Enable AON
You should have a rule in there for the WAN to any Gateway already. This is automatically created. Now you need to enter one for OPT1
- Click Add and Copy the WAN setup but the Interface will now be OPT1
- Apply the Changes.
From here it may work but you may need to make one more change.
- Go to Firewall -> Rules -> LAN
- Edit your existing LAN net entry. Modify the gateway from default to the Load Balancer
It should look like
Your Done! What you can do to check to see if Load Balancing if working properly is try to go online. If you can get to Google then your Connection is working properly. Go to http://pfsense.org/ip.php and click refresh a couple of times. Your Public IP should switch back and forth. This means that load balancing if working. The reason your public IP should change is because the Load Balancing Feature works in a Round Robin fashion. Every new session is will oscillate between gateways. This also means that if you test your Internet Connection speed on www.speedtest.net you will not see the combined speed of both networks. You will see the combined speed when you use applications that use multiple sessions like peer to peer applications.
EDIT: if you have problems with the pools being uneven and you cannot figure it out even after deleting the pool and starting over flowing my directions then please see Greg’s comments below. He used Google and Yahoo as the Ping IP and configured the Pool using the “other” option.
EDIT2: Comments by SAM:
1. Go to System\routing. On the gateways tab add a gateway for each of your interfaces, eg: WAN and OPT1
2. Under System\routing. On the groups tab create a group and assign each gateway the priority of “Tier 1″, the trigger can be “member down”
3. Go to Firewall\rules. On the LAN tab, edit the default rule. Press the button for “Gateway” under advanced features and change it to the name of the gateway group you created in step 2.
You should be up and running.
This was confusing to find since dual wan was moved from Services\Loadbalancer to the System|Routing tab. Monitor IP’s are now configured on the gateway tab.
Edit 15 Mar 10: changed IP addr link to http://pfsense.org/ip.php