pfSense, load-balancing and YouTube

Posted by: Seb

23

April

One of the main interests of pfSsense is the possibility of load balancing with multiple ADSL lines. However, it raises some problems with certain sites whose sessions are linked to the client IP. Indeed, suppose that when one logs in to a site with login / password the connection is being made on a first line but the display of the next page goes through a second: the site will see two IP addresses different and will consider that this is not the same session and the user will again be called to enter his login. You can create a rule in the firewall to force the traffic to the site IP on a given line, which solves the problem.

Another example is the case of YouTube, which often display a message "Sorry, this video is no longer available". The video is actually there but the case load balancing sessions ... The difficulty here is that YouTube has a large number of different IP addresses and it is difficult to create as many rules manually.

To remedy this, simply create an alias that will integrate YouTube into pfSense ranges of IP addresses used by YouTube. It will then create a rule in the firewall to redirect traffic to a single row.


Continue reading "pfSense, load-balancing and YouTube"

Tags: ,
2 comments

pfSense

Posted by: Seb

16

August

pfSense is a open source firewall with many features. In particular it offers the possibility of pooling several WANs which will load balance the connections and get away with a line break. The pfSense I rode pools and two ADSL lines and public SDSL Oléane.

Besides its potential as a router / firewall and sharing of lines pfSense can establish a VPN (IPsec or OpenVPN), a DHCP server and is extensible via packages (Snort, Squid, FreeRADIUS, ntop, NMAP, etc. ).

It is possible to monitor continuously flows up and down each line using a small program called monomon very useful to immediately identify a line cut or uploads / downloads abnormal.

Two limitations to keep in mind, access to external FTP servers is possible only on the primary WAN and it is not possible to connect to FTP over SSL.

pfSense is downloadable as an ISO and can be run from the CD-ROM or a flash card but can also be installed on the hard disk of the machine.

>> PfSense
>> Monomon

Tags: , , , ,
0 comments

Translator

French flagItalian flagChinese (Simplified) flagEnglish flagGerman flagSpanish flagJapanese flagArabic flagRussian flagNorwegian flag

Updated Blogs