Topic: Adding a second WAN card to SME 7.4 for load balancing and failover

[pwalter]

I have a situation where a 7.4 server needs to have two WAN connections - one a high-speed primary connection, and one a lower-speed secondary connection (different ISP) for failover and outgoing load-balancing purposes. I have looked at specific hardware to do that (ex: Netgear FVS124G), but the hardware that I looked at *requires* that the server be put into server-only mode, and, for other reasons, I *must* run the server in server-gateway mode. Anyone have any suggestions or a HOWTO?

[jester]

This type of setup has been discussed several times before. It is not supported and although i believe i've seen reports that it has been done it required *heavy* customization (not recommended).

Would think about putting an other box in front of it, can recommend pfSense (does fail-over and load-balancing).

HTH.

[pwalter]

Would think about putting an other box in front of it, can recommend pfSense (does fail-over and load-balancing).

Thanks. I had considered putting another box in front - whether a specialist device like the Netgear I mentioned, or something like pfSense. However, I can't do that - my options are limited to configuring SME Server 7.4 to do it, or switching to Centos or something else. I understand that SME Server is about simplicity, but I think the distro is "grown up" enough that things like this should be supported at a very basic level, with perhaps the extra functionality being exposed by a contrib. Perhaps all that is needed is support for multiple cards, but you can only configure two through the admin interface. I am willing to suffer the *heavy* customization if necessary. Can anyone point me to a HOWTO? One existed some years back for 5.6, I believe.

[mmccarn]

The config below should give you what you're looking for; is there a reason it won't work?

Code: [Select]

Internet1        Internet2
     \              /
      \            /
 WAN_A \          /WAN_B
   load_balancing_router
            |LAN=10.0.0.1
            |
            |
            |WAN=10.0.0.2
        SME_Server
            |LAN=192.168.x.y
            |
        Your_LAN

[pwalter]

The config below should give you what you're looking for; is there a reason it won't work?

The reason is that the config you describe would work best with SME in server-only mode. If you used server-gateway mode, you would end up with double nat-ting. For other reasons, I am required to use server-gateway mode.

[girkers]

Looking at mmccarn's drawing does the Netgear router you mention have a DMZ function or you could just open up the firewall completely. There is no rule to say you have to use NAT unless the Netgear does not have an option to turn it off.

Looking at Netgear's website your device has been superseeded by FVS336G and just briefly looking at specs it say it can do "Classical Routing" and from what I did a quick search on I believe it can do what you want. (I hope)

I just think it will be easier to configure and maintain a separate box then have the problems of changing your SME server.

[janet]

pwalter

I am willing to suffer the *heavy* customization if necessary. Can anyone point me to a HOWTO? One existed some years back for 5.6, I believe.

This is probably what you are referring to.

http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/High%20Availability%20How-To%20for%20Linux%20Mitel%20SME%20v5.htm

Also do an advanced search on these forums for discussion re more recent ways of achieving the same, go back a year or two or three.

[pwalter]

Girkers,

I just think it will be easier to configure and maintain a separate box then have the problems of changing your SME server.

Yes, I agree. However, you can't disable the NATting in the Netgear (or any similarly configured device) because you need to present only one WAN ip address to the SME server. I *must* run the SME server in server/gateway mode to avoid issues with PPTP and IPSEC VPNs.

Mary,

This is probably what you are referring to.

Thanks. It is what I was referring to.
I opened a new bug report for this issue, only to discover that there was an existing bug, already. I updated the existing bug at http://bugs.contribs.org/show_bug.cgi?id=2670 .