Summary
The setup described here addresses the needs of an internet/gaming center with 30 PCs. Because a T3/T1/leased line was too expensive, we opted for a multi-WAN solution built on relatively cheap ADSL lines, capable of providing sufficient bandwidth for 30+ simultaneous users.
Details
So we have a pfSense setup with VLANs (on one NIC) handling 5 ADSL lines, plus wifi and LAN, on a server with 3 NICs (2 x 10/100 integrated on the motherboard + 1 PCI gigabit). The server is an Intel Celeron with 1 GB RAM and a 100 GB hard disk, in a 1U rack case.
PS: a gigabit NIC on the PCI bus does not actually have enough bandwidth.
To accomplish this setup we used a fairly cheap VLAN-capable switch, connecting the ADSL modems and the NIC dedicated to VLANs. We don't use the same switch for LAN or wifi connectivity: the LAN NIC is connected to our LAN switches, and the NIC dedicated to wifi connects directly to our access point.
The Netgear Smart switch FS726T was our choice (http://www.netgear.com/Products/Switches/SmartSwitches/FS726T.aspx); we purchased this switch in mid-December 2006 and have used it with no issues. Another pfSense user pointed out to me that he faced issues with firmware released before that date, so take this into consideration, and if you have problems with this hardware, upgrade to the latest firmware.
All ADSL modems/routers are configured to NAT all traffic to the pfSense VLAN interfaces (using the modem's DMZ host option to forward all inbound traffic to the pfSense interface IP). Because the DMZ host option hands every unsolicited inbound packet that reaches a modem to the pfSense interface, keep the default block rules on each of these WAN/OPT interfaces: pfSense, not the modem, is now the only thing filtering inbound traffic.
Once you are familiar with your VLAN switch, set up the VLANs you need. In our case we only use the switch to connect the ADSL lines to one of the server's NICs (10/100), as said above, so setup took no longer than 15 minutes.
We don't use the VLAN NIC directly; instead we created VLANs on top of that NIC, vlan2 to vlan6: vlan2 --> WAN, vlan3 --> OPT1, and so on up to vlan6 --> OPT4 (we renamed OPT1 to WAN2, etc.).
WARNING
IMPORTANT and CRITICAL: use the SAME VLAN ID numbers in your switch and in pfSense, otherwise nothing will work!
Meaning that if you create vlan2 to vlan6 in pfSense, you need to create the same IDs in the switch (switch vlan2 to vlan6). Don't use VLAN 1, which is usually dedicated to switch administration by default.
Our Netgear setup was straightforward: we dedicated switch ports 1-5 to the ADSL modem/routers and port 22 to the pfSense NIC dedicated to VLANs, creating vlan2 = switch port 1 <--> switch port 22, up to vlan6 = switch port 5 <--> switch port 22. Port 22 must carry all five VLANs tagged (802.1Q), since that is what the pfSense vlan2-vlan6 interfaces expect, while each modem port is an untagged member of its own VLAN only. A bit confusing in the beginning, but what isn't?
Then we connected ADSL modem 1 to switch port 1, modem 2 to switch port 2, and so on. Every modem has an internal IP of the form 192.168.x0.1/255.255.255.0, with its DHCP server disabled.
So we configured modem 1 with IP 192.168.20.1; the resulting WAN configuration in pfSense (the vlan2 interface) is IP 192.168.20.10 (we gave all pfSense WANs IPs of the form 192.168.x0.10) and gateway 192.168.20.1 (our ADSL modem's IP).
As shown, the FTP helper and the remaining options were left at their defaults.
Modem 2 has LAN IP 192.168.50.1, and OPT1 (renamed to WANB) in pfSense (the vlan3 interface) has IP 192.168.50.10 and gateway 192.168.50.1 (ADSL modem 2's IP), and so on.
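The VLAN and addressing plan from the preceding paragraphs, as an added example (not code from the original write-up or from pfSense): a small Python script that builds the per-WAN table (VLAN ID, pfSense interface, switch port, pfSense IP, gateway) from the modem list and checks it against the switch's VLAN table, catching the mismatches the warning above is about (an ID missing or wired to the wrong ports on the switch, VLAN 1 reused, duplicate IDs) plus a modem subnet colliding with another WAN or with the LAN. The modem list, port numbers and the SWITCH_OK/SWITCH_BAD tables are constructed to mirror the text; the interface names wanc/wand/wane and the addresses of modems 3-5 are assumptions, since the page only gives modems 1 and 2.

```python
"""Plan and sanity-check a pfSense multi-WAN VLAN layout like the one above.

Added example, not part of the original write-up or of pfSense itself. The
modem list, switch port numbers and the SWITCH_* tables are constructed
samples that mirror the text: 5 ADSL modems on switch ports 1-5, the pfSense
VLAN NIC on port 22, pfSense VLANs 2-6, each modem at 192.168.x0.1/24 and the
matching pfSense WAN at 192.168.x0.10.
"""
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.10.0/24")   # pfSense LAN, 192.168.10.1
TRUNK_PORT = 22                                      # switch port to the VLAN NIC

# Constructed sample: (VLAN ID, pfSense interface name, switch port, modem LAN IP).
# Modems 1 and 2 are from the text; names and addresses of 3-5 are assumed.
MODEMS = [
    (2, "wan",  1, "192.168.20.1"),
    (3, "wanb", 2, "192.168.50.1"),
    (4, "wanc", 3, "192.168.30.1"),
    (5, "wand", 4, "192.168.40.1"),
    (6, "wane", 5, "192.168.60.1"),
]

# Switch VLAN table as {vlan id: set of member ports}. Port 22 is a tagged
# member of every WAN VLAN; each modem port is an untagged member of its own.
SWITCH_OK = {1: {21, 23, 24}, 2: {1, 22}, 3: {2, 22}, 4: {3, 22}, 5: {4, 22}, 6: {5, 22}}
# Two typical mistakes: vlan4 patched to port 23 instead of the trunk, vlan6 never created.
SWITCH_BAD = {1: {21, 23, 24}, 2: {1, 22}, 3: {2, 22}, 4: {3, 23}, 5: {4, 22}}


def build_plan(modems, trunk_port=TRUNK_PORT, host=10):
    """One record per WAN: the pfSense VLAN interface settings plus the switch
    membership that VLAN needs (the modem's port and the trunk port)."""
    plan = []
    for vid, name, port, modem_ip in modems:
        modem = ipaddress.ip_interface(f"{modem_ip}/24")   # modems use a /24
        plan.append({
            "vlan": vid,
            "iface": name,
            "port": port,
            "network": modem.network,
            "pf_ip": modem.network[host],     # 192.168.x0.10 in the write-up
            "gateway": modem.ip,              # the modem's own LAN address
            "switch_ports": {port, trunk_port},
        })
    return plan


def check_plan(plan, switch_vlans, lan_net=LAN_NET):
    """Return a list of problems (empty means consistent): VLAN IDs must match
    between pfSense and the switch with the right port membership, VLAN 1 stays
    reserved, and no two WAN subnets (or the LAN) may overlap, or pfSense
    cannot route to the right modem."""
    problems = []
    seen_ids = set()
    seen_nets = [("LAN", lan_net)]
    for w in plan:
        vid, tag = w["vlan"], f"vlan{w['vlan']}"
        if vid in seen_ids:
            problems.append(f"{tag}: VLAN ID used twice in pfSense")
        seen_ids.add(vid)
        if not 2 <= vid <= 4094:
            problems.append(f"{tag}: VLAN ID must be 2-4094 (1 is the switch management VLAN)")
        # The IMPORTANT/CRITICAL rule: the same ID, with the right ports, on the switch.
        if vid not in switch_vlans:
            problems.append(f"{tag}: defined in pfSense but missing on the switch")
        elif switch_vlans[vid] != w["switch_ports"]:
            problems.append(f"{tag}: switch ports {sorted(switch_vlans[vid])} "
                            f"!= expected {sorted(w['switch_ports'])}")
        for other_name, other in seen_nets:
            if w["network"].overlaps(other):
                problems.append(f"{tag}: {w['network']} overlaps {other_name} {other}")
        seen_nets.append((tag, w["network"]))
    for vid in switch_vlans:
        if vid != 1 and vid not in seen_ids:
            problems.append(f"vlan{vid}: exists on the switch but has no pfSense interface")
    return problems


if __name__ == "__main__":
    plan = build_plan(MODEMS)
    for w in plan:
        print(f"vlan{w['vlan']} {w['iface']:5} switch port {w['port']:2} -> "
              f"{w['pf_ip']}/24 gw {w['gateway']}")
    print("good switch table:", check_plan(plan, SWITCH_OK) or "OK")
    print("bad switch table: ", check_plan(plan, SWITCH_BAD))
```

Run it once with the switch's real VLAN table typed into the `switch_vlans` dict before touching pfSense; an empty list from `check_plan` is the precondition for the "nothing will work" warning not to bite.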
The LAN interface is configured as follows:
So up to this point we are almost halfway. All cabling is done (it is good to use grounded cables between the modem/routers, pfSense and the switch), and we test communication with the pfSense box from within our LAN using a browser at http://192.168.10.1 (the pfSense LAN IP). What is missing now, apart from becoming familiar with the logic by which pfSense works (by reading how-tos like this one), is to set up the load balancer, specifying how many, if not all, of our ADSL WANs our users will use to reach the internet. In our case we included all 5 ADSL lines in the same load balancer.