Outgoing Load Balancing mini-howto
Requirements
You need static gateways on your interfaces to use this feature. If you have dynamic ADSL lines, you can "fake" static IPs by placing modem routers in front of your WANs and using their internal IPs as fake static gateways. If your modem routers support a DMZ IP, enter the WAN IP of the appropriate pfSense WAN/OPTx interface there. This way all the traffic will be forwarded to pfSense and you can control everything else there (firewall, NAT, ...).
In case your WANs are assigned via DHCP and have a very long lease (which won't expire as long as the pfSense renews it) you can use the gateways you got assigned as static gateways too. However, be prepared to edit your pool when your DHCP assignment changes.
Set up the pools
- visit services -> load balancer
- delete any pools that are there that do not work
- add a new pool and call it loadbalancetowans or something descriptive
- set the description to load balancing from lan -> internet or something descriptive
- set the type to gateway
- in the Monitor IP box, put the IP address of a host behind the gateway you will enter in the next step; it must be pollable (via ICMP) so pfSense can ensure the link is up (depending on your setup, the gateway itself or one of the next hops near you is recommended)
- in the IP box type in the IP address of the gateway (this has to be one of the gateways configured at WAN or OPTx's)
- add a Monitor IP and gateway IP for each additional OPT interface
- click save
Note that the gateway addresses need to be different for each interface -- pfSense creates a static route to ensure that the test pings go through the right interface.
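A pre-flight check for a planned pool, added here as an example (it is not pfSense code and does not talk to pfSense). The field names, the sample addresses and the check_pool helper are hypothetical. Treating a shared Monitor IP as an error and requiring the gateway to be on the interface's subnet are assumptions drawn from the static-route note above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plan: two ADSL modem routers left on the same factory
# LAN address, so both "fake static gateways" collide. Addresses are made up.
SAMPLE_POOL = [
    {"iface": "WAN", "iface_cidr": "192.168.1.2/24",
     "gateway": "192.168.1.1", "monitor": "192.168.1.1"},
    {"iface": "OPT1", "iface_cidr": "192.168.1.3/24",
     "gateway": "192.168.1.1", "monitor": "192.168.1.1"},
]

def check_pool(entries):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    seen = {"gateway": defaultdict(list), "monitor": defaultdict(list)}
    for e in entries:
        iface = ipaddress.ip_interface(e["iface_cidr"])
        gw = ipaddress.ip_address(e["gateway"])
        mon = ipaddress.ip_address(e["monitor"])  # ValueError on a typo
        # Assumption: a usable static gateway is directly reachable on the
        # interface's own subnet and is not the interface address itself.
        if gw not in iface.network or gw == iface.ip:
            problems.append(f'{e["iface"]}: gateway {gw} is not on {iface.network}')
        seen["gateway"][str(gw)].append(e["iface"])
        seen["monitor"][str(mon)].append(e["iface"])
    # Gateways must differ per interface (stated on this page). Monitor IPs
    # are held to the same rule as an assumption: one static route per
    # monitored address cannot point out of two interfaces at once.
    for field, by_addr in seen.items():
        for addr, ifaces in by_addr.items():
            if len(ifaces) > 1:
                problems.append(f'{field} {addr} is shared by {", ".join(ifaces)}')
    return problems

if __name__ == "__main__":
    for line in check_pool(SAMPLE_POOL) or ["pool plan looks consistent"]:
        print(line)
```

Renumbering one modem router's LAN (for example to 192.168.2.0/24) and updating that interface's gateway and Monitor IP clears both findings.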
Create NAT-Rules for your WAN-POOL (now optional, only needed if you use advanced outbound NAT for something else too)
- visit firewall>NAT>Outbound
- enable advanced outbound nat
- check the automatically created rules.
- create rules for all your internal networks to map to OPT interfaces (one rule for each internal network to each OPT interface in the pool)
- Apply the changes
Policy based balancing
- Edit a firewall rule on the LAN or Optional interfaces.
- NOTE! We do not recommend editing the default pass all rule! Create a new rule before the default rule for your policy.
- Set the gateway to the newly created pool if you always want the given traffic to route out one link
Notes about DNS
- DNS can be controlled by adding advanced outbound NAT entries that force traffic to a given DNS server out that particular pipe
- Static routes are an alternative to using advanced outbound NAT entries
Terms
- Monitor IP: The IP address that the pool pings to verify that there is connectivity. When pfSense cannot ping this IP, it considers the pool to be down.
Your load balancer is ready. Eat your heart out commercial goo.