Small update here showing the new config screen from pfSense 1.2.3. It's obviously way easier now compared to the alpha days, but this page is still helpful for some configurations.
A how-to on BSD WAN routing. The ultimate router turns out to be one of the easiest to get running.
Be sure to see my page on dual WAN routing if you need a better understanding of how it works.
Well, let's start by giving you an idea of the hardware I will be using for this project. I got hold of some old equipment; my weapons of choice in this case will be a dual-CPU Intel MOBO with 2 P3 500MHz (Katmai) chips, each with 512KB of cache, 2 4.3GB IDE Seagates and 4 128 SDRAM modules.
I will use the onboard NIC to link all of this into the network and will be using two 3COM Parallel II NICs for the WAN ports. These are 10Mbit cards, but that will be perfect for this project since I will be bundling far less bandwidth than that. The onboard NIC is 100Mbit, which gives me plenty of overhead room when working on the server without any negative effect on my bandwidth. Put everything together and you're ready to get going. (PIC below is short 1 NIC)
Right, the question you're asking is what distro we are going to use. Well, I have opted for pfSense, which is a BSD router project based on FreeBSD 6.0. The project is currently an alpha, but it certainly gets the job done. Download the live CD and you're ready to install.
Boot the CD and install the system to your hard drive, then set up the required information. I am not going to go into detail about every single setting; if you're building a firewall/router like this you should know what an IP address is 😛
Once you have your devices all configured and you're ready to get your load balancing working, simply do the following:
Setup the pools
- visit services -> load balancer
- delete any pools that are there that do not work
- add a new pool and call it loadbalancetowans or something descriptive
- set the description to load balancing from lan -> internet or something descriptive
- set the type to gateway
- in the Monitor IP box, put the IP address of a host upstream from the router that can be polled (via TCP socket) to ensure the link is up
- in the IP box, type in the LAN IP address of the router
- add a Monitor IP and router IP for each additional OPT interface
- click save
Create NAT rules for your WAN pool
- visit firewall -> NAT -> Outbound
- enable advanced outbound NAT
- check the automatically created rules
- create rules for all your internal networks to map to OPT interfaces (one rule for each internal network to each OPT interface in the pool)
- apply the changes
From there it should work. If not, simply change the default gateway in the default firewall rule to your newly created pool.
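In plain pf.conf terms, the gateway pool and the per-interface outbound NAT rules above amount to roughly the following. This is an added sketch, not the rule set pfSense generates and not part of the original post; every interface name, network and gateway address is a placeholder, and the monitor-IP failover that the load balancer handles is left out.

```conf
# Constructed example: all names and addresses below are placeholders.
lan_if  = "fxp0"            # onboard 100Mbit NIC on the LAN (assumed name)
lan_net = "192.168.1.0/24"  # internal network (assumed)
wan_if  = "xl0"             # first WAN NIC (assumed name)
wan_gw  = "198.51.100.1"    # its upstream gateway (documentation range)
opt1_if = "xl1"             # second WAN NIC (assumed name)
opt1_gw = "203.0.113.1"     # its upstream gateway (documentation range)

# Outbound NAT: one rule per internal network per interface in the pool,
# so a connection is translated to the address of the link it leaves on.
nat on $wan_if  from $lan_net to any -> ($wan_if)
nat on $opt1_if from $lan_net to any -> ($opt1_if)

# Default deny in both directions.
block in  all
block out all

# LAN side: replies back to clients, and traffic to the router itself
# (web GUI, DNS) must not be sent through the pool.
pass out on $lan_if from any to $lan_net
pass in quick on $lan_if from $lan_net to $lan_if

# The "default gateway = pool" step: new LAN connections are handed
# to the two gateways in turn. keep state pins each connection to
# the link it started on.
pass in on $lan_if route-to \
    { ($wan_if $wan_gw), ($opt1_if $opt1_gw) } round-robin \
    from $lan_net to any keep state

# Let the balanced traffic out of either WAN interface.
pass out on $wan_if  from any to any keep state
pass out on $opt1_if from any to any keep state

# A packet already carrying one link's source address must leave via
# that link, or the upstream provider will likely drop it.
pass out on $wan_if  route-to ($opt1_if $opt1_gw) from $opt1_if to any
pass out on $opt1_if route-to ($wan_if $wan_gw)   from $wan_if  to any
```

Because state is kept per connection, a single download never exceeds one link's bandwidth; the balancing shows up across many concurrent connections.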
The rest of the configuration is pretty standard stuff; just remember to back up EVERY TIME before you get a bright idea and want to change something.