The pfSense Store

Author Topic: Problem accessing some websites with multi wan enabled  (Read 1217 times)

0 Members and 1 Guest are viewing this topic.

Offline Ozzik

  • Full Member
  • ***
  • Posts: 102
    • View Profile
Problem accessing some websites with multi wan enabled
« on: December 01, 2010, 01:44:14 am »
Hi,
probably this issue has already been discussed, but I couldn't find it.
Since sticky connections don't really work (at least in 1.2.3) I was wondering how can I access some websites while in Multi Wan.
Such sites include ebay, technet.microsoft, newegg. Just to clarify - I'm not talking about HTTPS, just regular HTTP.
When I try accessing them - they never end loading. I tried creating an alias for such websites and then directing them all to go through a particular gateway. This way it seems to work. But of course it's not very realistic - adding all the IPs of such huge websites.
Is there a solution for this issue? I'm sure lots of people experiencing this.

I'm aware of the solution, when each LAN subnet can be routed through a different gateway, but it's not very realistic for me today.

And another question, is there a way to add a hostname to an alias instead of an IP? (so that the firewall would do the resolving).

Thanks.

Offline Perry

  • Hero Member
  • *****
  • Posts: 1152
    • View Profile
Re: Problem accessing some websites with multi wan enabled
« Reply #1 on: December 01, 2010, 04:43:59 am »
I use failover pools as I don't see the point for using loadbalancing pools unless a download manager is in play.
I've created two failover pools (WAN2 has a faster download than WAN)
WAN2FailsToWAN Using a port alias with http https etc. (80, 443, 6667, 1935, 25, 143, 465, 993, 587)
WANFailsToWAN2 Doing everything else.

Quote
And another question, is there a way to add a hostname to an alias instead of an IP? (so that the firewall would do the resolving).
Nope
/Perry
doc.pfsense.org

Offline Ozzik

  • Full Member
  • ***
  • Posts: 102
    • View Profile
Re: Problem accessing some websites with multi wan enabled
« Reply #2 on: December 01, 2010, 05:12:45 am »
OK, I know it's an option, but most of the traffic at my office is HTTP and HTTPS. We have 3 x 10Mb lines and I'd like to use all of them, as we have about a 100 users surfing the net all day long.

Offline Perry

  • Hero Member
  • *****
  • Posts: 1152
    • View Profile
Re: Problem accessing some websites with multi wan enabled
« Reply #3 on: December 01, 2010, 06:08:20 am »
Let's say there is 20 users in 5 subnet's. I would split those 20 users in a subnet to 3 groups

Subnet 1:
User range 192.168.1.2-6 with a destination port alias (http and https) gateway WAN2FailsToWAN
User range 192.168.1.7-16 with a destination port alias (http and https) gateway WAN3FailsToWAN
User range 192.168.1.17-21 with a destination port alias (http and https) gateway WAN2FailsToWAN
WANFailsToWAN3 Doing everything else

Subnet 2:
User range 192.168.2.2-6 with a destination port alias (http and https) gateway WAN3FailsToWAN
User range 192.168.2.7-16 with a destination port alias (http and https) gateway WAN2FailsToWAN
User range 192.168.2.17-21 with a destination port alias (http and https) gateway WAN3FailsToWAN
WANFailsToWAN2 Doing everything else
/Perry
doc.pfsense.org

Offline Ozzik

  • Full Member
  • ***
  • Posts: 102
    • View Profile
Re: Problem accessing some websites with multi wan enabled
« Reply #4 on: December 01, 2010, 06:38:27 am »
I see. I was hoping for something more automatic, but I guess I'll have to wait for 2.0 and pray that sticky connection will work there. Anyway, thanks a lot! I'll keep that in mind.