Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Two WAN's One pfSense With 'haproxy' (please re-read first post more info added)  (Read 202 times)

tickmike

  • Kitizen
  • ****
  • Posts: 3521
  • Yes Another Penguin !. :)
    • Free Download from.

If I ever get FTTP I will want to load balance (Maybe it's not load balancing I want ?!) it with my ADSL2 connection (for my old emails).

So I have installed 'haproxy' on my spare pfSense firewall to test. Maybe I do not need haproxy  :shrug2:

Anyone used it. ?

Edit..
I will have a ADSL2 3/0.7 Static IP PPPoE and FTTP 100/20 Static IP PPPoE,  So I will need Two WAN inputs to the firewall, this why I thought using 'haproxy' as it has that function. (Do I need this app to add Two WAN's   :-\)

For a max of 1 year I need to keep my Eclipse connection only for use of port 25 for my emails only.
The main internet access would be from the FTTP connection.
I have one pfSence firewall/router.

I am newish to pfSense  :-\
Looking for guidance how to achieve this.
« Last Edit: June 09, 2021, 12:08:21 PM by tickmike »
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com).
I have a set of 6 fixed IP's From my Kcom Business isp.
BT ADSL2 (G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2 linked Ethernet

CarlT

  • Kitizen
  • ****
  • Posts: 1798
  • Random network numpty
Re: Load Balancing pfSense With 'haproxy'
« Reply #1 on: June 08, 2021, 04:43:10 PM »

Wouldn't it make more sense to just statically route? If you can only access the email via an Eclipse/KCom IP you'll break things off connections aren't statically routed.

If you can reach without going through KCom the latency and bandwidth differences are too great to be viable and the ADSL is too slow for single threaded apps to run properly.

Just put static routes in place and some NAT. That'll be the cleanest solution.
Logged
BT Retail Full Fibre 900 // Zen Full Fibre 900 // Faelix FTTP 300 via a Mikrotik CCR2004-1G-12S+2XS.
1 * CSS326-24G-2S+RM, 2 * CRS309-1G-8S+IN, 2 * CRS305-1G-4S+IN all connected via Invisilight SMF, wife required subtlety, and DACs.

tickmike

  • Kitizen
  • ****
  • Posts: 3521
  • Yes Another Penguin !. :)
    • Free Download from.
Re: Load Balancing pfSense With 'haproxy'
« Reply #2 on: June 08, 2021, 05:56:45 PM »

I did wonder about the difference between the two connections.

Both connections will have static IP's and will use PPPoE.

I can only use Eclipse port 25 for there Eclipse emails on there internet connection.

Can you give an example how to do it as pfSense only has one PPPoE set up now, I would need two PPPoE dial ups.

Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com).
I have a set of 6 fixed IP's From my Kcom Business isp.
BT ADSL2 (G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2 linked Ethernet

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 2510
    • Thinkbroadband Quality Monitors
Re: Load Balancing pfSense With 'haproxy'
« Reply #3 on: June 08, 2021, 09:58:56 PM »

Basically in Firewall -> Aliases create an Alias with the domain name(s) you use for mail.
Then in Firewall -> Rules -> LAN add a rule above the one that directs Any source traffic and Any destination to the WAN (this is usually the last rule).
The new rule has Source Any and destination the Alias you just created, setting the correct WAN in the Gateway section under Advanced.

This is what I love about pfSense, you can easily see what the rules are supposed to be doing.  Basically any client on the LAN trying to access the Aliased domains (their IP addresses) gets directing out the specified WAN.
« Last Edit: June 08, 2021, 10:05:57 PM by Alex Atkin UK »
Logged
INTAKE (ECI) 1xHome Hub 5A on Zen, 1xECI Openreach on Plusnet, 1xHauwei B535-232 on Voxi 4G Router: pfSense (i5-7200U) WiFi: Ubiquiti nanoHD + Honor Router 3
My Broadband History & Ping Quality Monitors

tickmike

  • Kitizen
  • ****
  • Posts: 3521
  • Yes Another Penguin !. :)
    • Free Download from.

I have just tried to explain better in my first post what I want to achieve., so I have Edited the first post please all re-read.
I do not think 'Load Balancing' is the correct term.
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com).
I have a set of 6 fixed IP's From my Kcom Business isp.
BT ADSL2 (G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2 linked Ethernet

craigv

  • Member
  • **
  • Posts: 22

If I ever get FTTP I will want to load balance (Maybe it's not load balancing I want ?!) it with my ADSL2 connection (for my old emails).

So I have installed 'haproxy' on my spare pfSense firewall to test.

Anyone used it. ?

Edit..
I will have a ADSL2 3/0.7 and FTTP 100/20  So I will need Two WAN inputs to the firewall, this why I thought using 'haproxy' as it has that function.

For a max of 1 year I need to keep my Eclipse connection only for use of port 25 for my emails only.
The main internet access would be from the FTTP connection.
I have one pfSence firewall/router.
Looking for guidance how to achieve this.

So you're looking to share traffic across your two connections? pfsense has this built-in :) no need to install HAproxy, which I believe is more for balancing incoming traffic between servers. If that is the case, the docs are pretty good https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html.

Given the low adsl speed, I'd question whether there's any point sharing connection, but you may want to use it as a failover. Alex's advice regarding ensuring the Eclipse mail traffic goes over the ADSL connection sounds spot on to me though and will be needed if it can only be accessed over the ADSL connection.

C
Logged
RedHotAnt Unlimited 56k -> NTL 750kbit cable -> Virgin Size 4mbit cable -> Sky 5mbit ADSL -> Zen Internet 25mbit VDSL ->  Zen Internet 900mbit FTTP

tickmike

  • Kitizen
  • ****
  • Posts: 3521
  • Yes Another Penguin !. :)
    • Free Download from.

Thanks.
I will have a read though the doc's and try some settings on my spare pfSense also try Alex's idea.

Now just got to sort out my spare laptop which had updates yesterday and it killed the Ethernet card  >:D which I need to connect to this spare firewall for testing. :(
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com).
I have a set of 6 fixed IP's From my Kcom Business isp.
BT ADSL2 (G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2 linked Ethernet

Chunkers

  • Reg Member
  • ***
  • Posts: 489
  • Brick Wall head-banger

I load balance 2 WAN ADSL (PPPoE) connections on my pfsense router, I followed the guide here to set it up, it works fine. I don't use haproxy, not sure whether it would be better than my current setup, pfsense supports multi wan load balancing natively.

With my setup and without (much more expensive) bonded connections only a few kinds of applications can utilise the full bandwidth of both connections at the same time e.g. P2P type stuff.

In practice its not much of a problem though as it is generally transparent to users which connection they are using and pfsense does a pretty good job of managing load balancing and failover, just make sure you select the 'sticky connections' option when you set it up

C
« Last Edit: June 09, 2021, 05:50:51 PM by Chunkers »
Logged

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 2510
    • Thinkbroadband Quality Monitors

As mentioned, haproxy is for load balancing a single WAN to multiple LAN servers rather than the other way around which can be easily done using NAT rules.

Example, what I'm doing:
« Last Edit: June 09, 2021, 08:44:55 PM by Alex Atkin UK »
Logged
INTAKE (ECI) 1xHome Hub 5A on Zen, 1xECI Openreach on Plusnet, 1xHauwei B535-232 on Voxi 4G Router: pfSense (i5-7200U) WiFi: Ubiquiti nanoHD + Honor Router 3
My Broadband History & Ping Quality Monitors

tickmike

  • Kitizen
  • ****
  • Posts: 3521
  • Yes Another Penguin !. :)
    • Free Download from.

Thanks all.
I have still got to put this on hold as I need to get the Ethernet card working on my spare laptop to connect to pfSense .

A simple PCLinuxOS update has killed it and lots of other people are having grief trying to get things working again.
The joys of Linux  :(
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com).
I have a set of 6 fixed IP's From my Kcom Business isp.
BT ADSL2 (G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2 linked Ethernet
 

anything