 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>, "Mark Gilbert" <mgilbert at marinhd dot com>
 Subject:  RE: [m0n0wall] Object tracking
 Date:  Thu, 29 Jun 2006 10:15:23 +0200
If I get this right the alternate WAN-Gateway is inside the LAN subnet? It's not easily doable this
way. Easiest thing would be to set it up with just one router:

   WAN       WAN2
    |         |
    +--+   +--+
       |   |
      pfSense
       |   |
       |   +--LAN 192.168.101.0/24 
       |
       +------OPT1 192.168.102.0/24

I guess the way you have drawn the network it's a multi-location setup? The way you painted it
*might* work by involving advanced outbound NAT, however I have never tried a setup with a gateway
inside the LAN subnet (would have to become an OPT interface as the LAN interface doesn't support a
gateway entry). Also keep in mind that in this situation only one of the networks is failover-capable
(the one with the local pfSense) and due to the round-robin the link between Router1 and Router2 will
be used frequently. The remote m0n0 network wouldn't have the failover option.

However, I suggest moving this either to the pfSense forum or the pfSense mailing list if a more
in-depth discussion of this pfSense-specific setup is needed.

Holger

> -----Original Message-----
> From: Mark Gilbert [mailto:mgilbert at marinhd dot com]
> Sent: Thursday, June 29, 2006 9:49 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Object tracking
> 
> 
> Thanks Holger,
> 
> But does the alternate wan port have to have a live internet IP assigned
> to it or can it handle an internal IP which routes to another internal
> router.  I hope my drawing is easy to understand.  If Wan 1 goes down, I
> would like to have wan 2 route traffic to the router2 -> router1 ->
> m0n0wall 1 and out to the internet.
> 
> See diagram:
> 
> http://mail.marinhd.com/new.png
> 
> Mark
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de] 
> Sent: Wednesday, June 28, 2006 11:29 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Object tracking
> 
> pfSense can do loadbalancing pools with monitoring. This means every new
> connection is thrown to the next WAN in the pool. If the monitor IP of a
> WAN is not reachable anymore (it's polled every 5 seconds) this WAN will
> be excluded from the pool temporarily until the poll succeeds again.
> Failover for single interfaces (use WAN1 and if down use WAN2) is not
> yet working but is a planned feature for the next version after 1.0 is
> out.
> 
> Holger
> 
> > -----Original Message-----
> > From: Mark Gilbert [mailto:mgilbert at marinhd dot com]
> > Sent: Thursday, June 29, 2006 8:19 AM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Object tracking
> > 
> > 
> > Could pfSense do this?  Instead of having the multiple wan go out to 2
> > directly attached ISPs, could I point the alternate WAN interface to a
> > router which connects over a point to point T1 to a location with an
> > internet connection connected to a M0n0wall?  From what I read the
> > pfSense can do monitoring and failover if unable to ping an address
> > which it tries to reach over a specific interface.
> > 
> > 
> > Ex.
> > 
> >         >>>>>>>>>>>>>>>>                                    >>>>>>>>>>>>>>>>
> >         >              >                                    >              >
> >         > m0n0wall 1   >                                    > m0n0wall 2   >
> >         >              >                                    >              >
> >         >>>>>>>>>>>>>>>>                                    >>>>>>>>>>>>>>>>
> >                >                                                 >
> >                >                                                 >Wan 1
> >                >                                                 >
> >         >>>>>>>>>>>>>>>>              >>>>>>>>>>>>>>>>      >>>>>>>>>>>>>>>>
> >         >              > PT to PT T1  >              > WAN2 >              >
> >         >   ROUTER 1   >>>>>>>>>>>>>>>>   ROUTER 2   >>>>>>>>  pfSense     >
> >         >              >              >              >      >              >
> >         >>>>>>>>>>>>>>>>              >>>>>>>>>>>>>>>>      >>>>>>>>>>>>>>>>
> > 
> > 
> > -----Original Message-----
> > From: Chris Buechler [mailto:cbuechler at gmail dot com] 
> > Sent: Wednesday, June 28, 2006 8:29 PM
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Object tracking
> > 
> > On 6/28/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
> > > Are you talking about BGP?,
> > >
> > 
> > Eh, what he was describing, I didn't really take as being BGP (though
> > I'm actually having a discussion right now with someone saying exactly
> > that).  BGP isn't going to help with certain network failures, and
> > definitely isn't going to be practical for most people's Internet
> > connections.
> > 
> > I saw it more as a feature for a dual/multiple WAN setup where you
> > can't get BGP, which would probably be 99.9+% of all Internet
> > connections.  I'm sure there are probably some of those commercial
> > multi WAN devices (for load balancing multiple Internet connections)
> > that do something like this.
> > 
> > -Chris
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > 
> 
> ____________
> Virus checked by G DATA AntiVirusKit
