Kitz Forum

Broadband Related => Broadband Technology => Topic started by: tickmike on June 08, 2021, 04:32:51 PM

Title: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on June 08, 2021, 04:32:51 PM
If I ever get FTTP I will want to load balance (Maybe it's not load balancing I want ?!) it with my ADSL2 connection (for my old emails).

So I have installed 'haproxy' on my spare pfSense firewall to test. Maybe I do not need haproxy  :shrug2:

Anyone used it?

Edit..
I will have an ADSL2 3/0.7 Static IP PPPoE and FTTP 100/20 Static IP PPPoE, so I will need two WAN inputs to the firewall; this is why I thought of using 'haproxy', as it has that function. (Do I need this app to add two WANs?   :-\)

For a max of 1 year I need to keep my Eclipse connection only for use of port 25 for my emails only.
The main internet access would be from the FTTP connection.
I have one pfSense firewall/router.

I am newish to pfSense  :-\
Looking for guidance how to achieve this.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: niemand on June 08, 2021, 04:43:10 PM
Wouldn't it make more sense to just statically route? If you can only access the email via an Eclipse/KCom IP you'll break things if connections aren't statically routed.

If you can reach without going through KCom the latency and bandwidth differences are too great to be viable and the ADSL is too slow for single threaded apps to run properly.

Just put static routes in place and some NAT. That'll be the cleanest solution.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on June 08, 2021, 05:56:45 PM
I did wonder about the difference between the two connections.

Both connections will have static IP's and will use PPPoE.

I can only use Eclipse port 25 for their Eclipse emails on their internet connection.

Can you give an example how to do it as pfSense only has one PPPoE set up now, I would need two PPPoE dial ups.

Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: Alex Atkin UK on June 08, 2021, 09:58:56 PM
Basically in Firewall -> Aliases create an Alias with the domain name(s) you use for mail.
Then in Firewall -> Rules -> LAN add a rule above the one that directs Any source traffic and Any destination to the WAN (this is usually the last rule).
The new rule has Source Any and destination the Alias you just created, setting the correct WAN in the Gateway section under Advanced.

This is what I love about pfSense, you can easily see what the rules are supposed to be doing.  Basically any client on the LAN trying to access the Aliased domains (their IP addresses) gets directed out the specified WAN.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on June 09, 2021, 11:28:32 AM
I have just tried to explain better in my first post what I want to achieve, so I have edited the first post. Please all re-read.
I do not think 'Load Balancing' is the correct term.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: craigv on June 09, 2021, 11:41:23 AM
Quote
If I ever get FTTP I will want to load balance (Maybe it's not load balancing I want ?!) it with my ADSL2 connection (for my old emails).

So I have installed 'haproxy' on my spare pfSense firewall to test.

Anyone used it?

Edit..
I will have an ADSL2 3/0.7 and FTTP 100/20, so I will need two WAN inputs to the firewall; this is why I thought of using 'haproxy', as it has that function.

For a max of 1 year I need to keep my Eclipse connection only for use of port 25 for my emails only.
The main internet access would be from the FTTP connection.
I have one pfSense firewall/router.
Looking for guidance how to achieve this.

So you're looking to share traffic across your two connections? pfSense has this built-in :) no need to install HAproxy, which I believe is more for balancing incoming traffic between servers. If that is the case, the docs are pretty good: https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html

Given the low adsl speed, I'd question whether there's any point sharing connection, but you may want to use it as a failover. Alex's advice regarding ensuring the Eclipse mail traffic goes over the ADSL connection sounds spot on to me though and will be needed if it can only be accessed over the ADSL connection.

C
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on June 09, 2021, 12:18:09 PM
Thanks.
I will have a read through the docs and try some settings on my spare pfSense, and also try Alex's idea.

Now just got to sort out my spare laptop which had updates yesterday and it killed the Ethernet card  >:D which I need to connect to this spare firewall for testing. :(
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: Chunkers on June 09, 2021, 05:46:40 PM
I load balance 2 WAN ADSL (PPPoE) connections on my pfsense router, I followed the guide here (https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html) to set it up, it works fine. I don't use haproxy, not sure whether it would be better than my current setup, pfsense supports multi wan load balancing natively.

With my setup and without (much more expensive) bonded connections only a few kinds of applications can utilise the full bandwidth of both connections at the same time e.g. P2P type stuff.

In practice it's not much of a problem though, as it is generally transparent to users which connection they are using and pfSense does a pretty good job of managing load balancing and failover. Just make sure you select the 'sticky connections' option when you set it up.

C
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: Alex Atkin UK on June 09, 2021, 08:27:10 PM
As mentioned, haproxy is for load balancing a single WAN to multiple LAN servers (https://www.servethehome.com/how-to-haproxy-ha-load-balance-a-web-server-with-a-pfsense-sg-4860/) rather than the other way around which can be easily done using NAT rules.

Example, what I'm doing:
(https://csdprojects.co.uk/pfSense/WAN Policy Routing.png)
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on June 10, 2021, 11:01:40 PM
Thanks all.
I have still got to put this on hold as I need to get the Ethernet card working on my spare laptop to connect to pfSense .

A simple PCLinuxOS update has killed it and lots of other people are having grief trying to get things working again.
The joys of Linux  :(
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on July 23, 2021, 04:17:46 PM
At long last I have my Ethernet connection now working on my spare laptop and I have that hooked up to my spare pfSense firewall only.

Un-installed 'haproxy' It was not needed.

Set up the Two WAN's

I have set up the new WAN = TN_WAN using a spare NIC
And the WAN that was already set up, now named = E_WAN

I had a go at setting up 'FailOver'  TN_WAN will be Tier 1   (default).
and if that goes down E_WAN = Tier 2 and should take over    I hope  :-\

So I think  :-\ I have followed Alex's  set up details for Eclipse emails on E_WAN.  :)

I have moved my 'port' forwarding rule for my backup server from E_WAN to TN_WAN that goes to my 'Orange' LAN just for the backup server use.

Now E_WAN is complaining that because I have no rules, all will be blocked.  :'(

Do you think because only port 25 is going to be used for my Eclipse emails (**Except in Failover !) I could set up some kind of rule for the E_WAN to stop it complaining?
** I will need another rule in Failover so that it uses the full ADSL2 connection, not just port 25.
Any ideas please.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: meritez on July 23, 2021, 04:31:50 PM
You could set up a thinkbroadband monitor to ping the ADSL and then set up a rule to allow it to do so.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: Alex Atkin UK on July 23, 2021, 08:04:53 PM
WAN rules and port forwarding are regarding INCOMING connections initiated from the Internet; you don't need any unless you have incoming services on the LAN you need accessible from the WAN, or to enable ICMP response for ping, stuff like that.

If you want to specifically access an e-mail server at Eclipse then you would create an Alias for their e-mail server hostname (this allows pfSense to automatically do a DNS lookup on it in case it uses more than one IP address) then create a LAN rule that sends any attempt to connect to that server down the Eclipse WAN.  I do the same for US sites that are region locked in the following pic (cropped entries you can leave default/empty).
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on July 24, 2021, 02:49:24 PM
Quote
WAN rules and port forwarding are regarding INCOMING connections initiated from the Internet; you don't need any unless you have incoming services on the LAN you need accessible from the WAN, or to enable ICMP response for ping, stuff like that.
:-[ Thanks for the reminder, It's that I have never used a Two WAN set up before.
Quote
If you want to specifically access an e-mail server at Eclipse then you would create an Alias for their e-mail server hostname
Think I have done that.
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: tickmike on July 30, 2021, 10:51:37 AM
Now I have FTTP   :) also keeping my ADSL2 connection I set up pfSense for Dual WAN with ADSL2 for 'FailOver' if FTTP goes down.

That seems to work ok.  :)

But Sending of Eclipse email only over ADSL2 port 25   Does Not Work with Dual WAN set up, But Does still work when only ADSL2 is up and FTTP is Down.

I created an Alias>Firewall
with name Eclipse_Mail
and used
smtp.eclipse.co.uk as the domain name .

Then set a rule up.
Firewall>Rules
Action = pass
Interface = LAN
Protocol = Any
Source = Any
Destination = Alias = Eclipse_Mail
setting the correct WAN in the Gateway section under Advanced.
Save.

I get an Error Message.

An Error Occurred While Sending Mail: The Mail Server Sent An Incorrect Greeting:

Looks like it's just trying to use port 25 on FTTP WAN Not ADSL2 WAN  :-\
Title: Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
Post by: Alex Atkin UK on July 30, 2021, 01:25:28 PM
I think I ran into this when I had my default gateway on pfSense set to failover; I had to set it to a different gateway group that load balanced instead.  This does not impact LAN traffic as that is directed by the Firewall rules.

Another possibility is I've had aliases fail in the past to do the DNS lookup properly, so maybe find the IP and add it manually as an additional entry in the alias, just in case?
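
The rule ordering and alias behaviour discussed in this thread, as an added example that is not part of any poster's message and is not pfSense code: a simplified first-match model of the LAN rules. The addresses are constructed, the default rule is assumed to leave via TN_WAN, and an alias whose hostname lookup failed is assumed to be empty.

```python
import ipaddress

# Constructed sample data (documentation-range IPs, not Eclipse's real addresses).
ALIAS_RESOLVED = {"Eclipse_Mail": {"192.0.2.25", "192.0.2.26"}}
ALIAS_LOOKUP_FAILED = {"Eclipse_Mail": set()}  # hostname in the alias did not resolve

# LAN rules as (description, destination, gateway); destination None means "any".
MAIL_RULE = ("Eclipse mail via ADSL2", "Eclipse_Mail", "E_WAN")
DEFAULT_RULE = ("Default allow LAN to any", None, "TN_WAN")  # assumed default gateway


def destination_matches(destination, dst_ip, aliases):
    """True if dst_ip falls under the rule's destination (any, alias or CIDR)."""
    if destination is None:
        return True
    if destination in aliases:
        return dst_ip in aliases[destination]
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(destination)


def pick_gateway(rules, aliases, dst_ip):
    """Walk the rules top to bottom; the first match decides the gateway."""
    for description, destination, gateway in rules:
        if destination_matches(destination, dst_ip, aliases):
            return gateway, description
    return None, "no rule matched (blocked)"


def scenarios():
    """Gateway chosen for a mail-server IP and a web IP under three rule sets."""
    mail_ip, web_ip = "192.0.2.25", "198.51.100.7"
    good = [MAIL_RULE, DEFAULT_RULE]
    wrong_order = [DEFAULT_RULE, MAIL_RULE]
    return {
        "mail, rule above default": pick_gateway(good, ALIAS_RESOLVED, mail_ip),
        "web, rule above default": pick_gateway(good, ALIAS_RESOLVED, web_ip),
        "mail, rule below default": pick_gateway(wrong_order, ALIAS_RESOLVED, mail_ip),
        "mail, alias lookup failed": pick_gateway(good, ALIAS_LOOKUP_FAILED, mail_ip),
    }


if __name__ == "__main__":
    for name, (gateway, rule) in scenarios().items():
        print(f"{name:28} -> {gateway:7} ({rule})")
```

In the last two scenarios the mail traffic silently falls through to the default rule, which is why adding the server's IP to the alias by hand is a useful check.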