pfSense, load-balancing and YouTube

Posted by: Seb

23

April

One of the main interests of pfSsense is the possibility of load-balancing with multiple ADSL lines. However, it raises some issues with certain sites whose sessions are related to the client IP. Indeed, imagine that when one logs on a site with a login / password connection will be made on a first line but the display of the next page goes through a second: the site will see two IP addresses different and will assume that this is not the same session and the user will again be called to enter his login. We can create a rule in the firewall to force traffic to the IP of the site on a given line, which solves the problem.

Another example is the case of YouTube, which often display a message "Sorry, this video is no longer available". The video is actually there but the load-balancing break sessions ... The difficulty here is that YouTube has a large number of different IP addresses and it is difficult to create as many rules manually.

To remedy this, simply create an alias YouTube in pfSense that will include the IP address ranges used by YouTube. It will then create a rule in the firewall to redirect traffic to a single line.


Continue reading "pfSense, load-balancing and YouTube"

Tags: ,
2 comments

pfsense

Posted by: Seb

16

August

pfsense is an open source firewall with many exciting features. In particular it provides the ability to pool multiple WANs which will load balance the connections and get away with a line break. The pfsense I installed pools and two ADSL lines and public Oléane an SDSL line.

Besides its potential for router / firewall and sharing of lines, pfsense can establish a VPN (IPsec or OpenVPN), a DHCP server and is extensible via packages (Snort, Squid, FreeRADIUS, ntop, NMAP, etc. ).

It is possible to continuously monitor the flows upstream and downstream of each line using a small program called monomon, very useful to identify immediately cut a line or uploads / downloads abnormal.

Two limitations to keep in mind, access to external FTP servers is only possible on the first line WAN and it is not possible to connect to FTP servers over SSL.

pfsense is downloadable as an ISO and can be run from the CD-ROM or a flash card but can also be installed on the hard disk of the machine.

Pfsense >>
Monomon >>

Tags: , , , ,
0 comments

Translator

French flagItalian flagChinese (Simplified) flagEnglish flagGerman flagSpanish flagJapanese flagArabic flagRussian flagNorwegian flag

Blogs updated