[ previous ] [ next ] [ threads ]
 
 From:  krt <kkrrtt at gmail dot com>
 To:  Mark Gilbert <mgilbert at marinhd dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Object tracking
 Date:  Thu, 29 Jun 2006 01:02:09 -0700
pfSense makes no distinction between routeable and private addressing, 
other than a unique firewall object for the rfc1918 networks.  In other 
words, it can handle an internal and external WAN address, as your 
diagram describes.



Mark Gilbert wrote:
> Thanks Holger,
> 
> But does the alternate wan port have to have a live internet ip assigned
> to it or can it handle an internal IP which route to another internal
> router.  I hope my drawing is easy to understand.  If Wan 1 goes down, I
> would like to have wan 2 route traffic to the router2 -> router1 ->
> m0n0wall 1 and out to the internet.
> 
> See diagram:
> 
> http://mail.marinhd.com/new.png
> 
> Mark
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
> Sent: Wednesday, June 28, 2006 11:29 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Object tracking
> 
> pfSense can do loadbalancing pools with monitoring. This means every new
> connection is thrown to the next WAN in the pool. If the monitor IP of a
> WAN is not reachable anymore (it's polled every 5 seconds) this WAN will
> be excluded from the pool temporarily until the poll succeeds again.
> Failover for single interfaces (use WAN1 and if down use WAN2) is not
> yet working but is a planned feature for the next version after 1.0 is
> out.
> 
> Holger
> 
> 
>>-----Original Message-----
>>From: Mark Gilbert [mailto:mgilbert at marinhd dot com]
>>Sent: Thursday, June 29, 2006 8:19 AM
>>To: m0n0wall at lists dot m0n0 dot ch
>>Subject: RE: [m0n0wall] Object tracking
>>
>>
>>Could pfSense do this?  Instead of having the multiple wan go out to 2
>>directly attached ISP's, could I point the alternate WAN 
>>interface to a
>>router which connects over a point to point T1 to a location with an
>>internet connection connected to a M0n0wall?  From what I read the
>>pfSense can do monitoring and failover if unable to ping an address
>>which it tries to reach over a specific interface.
>>
>>
>>Ex.
>>
>>        >>>>>>>>>>>>>>>>
>>
>>        >              >                                    >
>>
>>        > m0n0wall 1   >                                    > 
>>m0n0wall 2
>>
>>        >              >                                    >
>>
>>        >>>>>>>>>>>>>>>>
>>
>>               >                                                 >
>>               >                                              
>>   >Wan 1
>>               >                                                 >
>>        >>>>>>>>>>>>>>>>              >>>>>>>>>>>>>>>>
>>
>>        >              > PT to PT T1  >              > WAN2 >
>>
>>        >   ROUTER 1   >>>>>>>>>>>>>>>>   ROUTER 2   >>>>>>>>  pfSense
>>
>>        >              >              >              >      >
>>
>>        >>>>>>>>>>>>>>>>              >>>>>>>>>>>>>>>>
>>
>>
>>-----Original Message-----
>>From: Chris Buechler [mailto:cbuechler at gmail dot com] 
>>Sent: Wednesday, June 28, 2006 8:29 PM
>>Cc: m0n0wall at lists dot m0n0 dot ch
>>Subject: Re: [m0n0wall] Object tracking
>>
>>On 6/28/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
>>
>>>Are you talking about BGP?,
>>>
>>
>>Eh, what he was describing, I didn't really take as being BGP (though
>>I'm actually having a discussion right now with someone saying exactly
>>that).  BGP isn't going to help with certain network failures, and
>>definitely isn't going to be practical for most people's Internet
>>connections.
>>
>>I saw it more as a feature for a dual/multiple WAN setup where you
>>can't get BGP, which would probably be 99.9+% of all Internet
>>connections.  I'm sure there are probably some of those commercial
>>multi WAN devices (for load balancing multiple Internet connections)
>>that do something like this.
>>
>>-Chris
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
> 
> 
> ____________
> Virus checked by G DATA AntiVirusKit
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>