• MOVED: Initial Hardware Considerations

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    4 Posts
    3k Views
    jimp

    Ah, well then that is a little different. You should have mentioned that up front.

    I believe there are some other examples of configuring what you're after with DHCP on the forum here. I don't recall the specifics, but it wasn't an ideal situation.

  • Two pfSense firewalls, Two different ISPs, Failover

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp

    No. You would need to have both WANs connected to both units for failover to work in that way.

  • Load balancing stops working.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimp

    Anything show up in the system logs around the time of the failure?

    What does Status > Load Balancer show?

    You might also give a 2.0 snapshot a try, you can upgrade in-place. Be sure to make backups first, of course.

  • Multi VLANs for APs

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How to set up "True Loadbalancing" via Multiple WANs?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    ?

    Do not reply to your own topic just to get it put back at the top. If someone can help you, they will. Jimp's answer is about as definitive as it's going to get for now.

  • 3 WANs Load Balanced.

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    ?

    Also your default allow rule at the top is going to work before any of the other 3 rules are hit, so they are superfluous.  Remember that pfSense works on first match wins.  Kill the rest of those firewall rules and on the default LAN allow rule change the gateway to reference your load balance rule.  Keep in mind that certain protocols do not play nicely with load balancing (SSL, SSH, RDP) so your clients using HTTPS will have issues.  Create a failover load balancing scenario (see the documentation) and create a firewall rule above your default allow rule with source any, destination any, destination port TCP 443 and use your failover pool as the gateway.  You can repeat this scenario so that WAN1 fails to WAN2 and WAN2 fails to WAN3.  Similarly, you can do this same thing for SSH or RDP if those are needed by your clients.

  • Multi-wan email gateway

    Locked
    8
    0 Votes
    8 Posts
    6k Views
    B

    jimp,

    Just wanted to let you know, the two-rule example you provided for blocking all outbound port 25 traffic other than the actual mail server did the trick.
    We are no longer getting blacklisted on Spamhaus. I am still running virus stuff on all the workstations, and as stated before, I do not see anything obvious in the states, as one source to many destinations connections.
    I even tried doing tcpdumps and watching, and cannot track down a PC in particular.
    Thanks again for the help!

    Take Care,
    Barry

  • 0 Votes
    4 Posts
    3k Views
    P

    The way I do it is to have an alias with ports 22,80,443,1935,6667
    For that port alias create a rule using the default gateway
    below that, change the default rule to use wan2 gateway

    So no need to specify a LAN IP.
    IMO if the above is good enough then change the network to:

    wan  ----          ---- lan
              pfSense
    wan2 ----          ---- lan2

  • 2xDSL WAN and 1 WAN over VPN? Possible?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D

    You should be able to create an OpenVPN interface based off the OVPN client connection.  Add that connection to your loadbalance pool and assign the metric accordingly.

    However, you must realise that the additional connection is still limited by your WAN2 speeds (the WAN3, so to speak, still rides over WAN2's link).

  • Odd multi-WAN issue

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    Sorry for the late reply, been on holiday. :)

    My hardware is an Atom N270 with 256Mb RAM, 2 RT GbE NICs (http://tinyurl.com/3aclpoe) and an Intel Pro 100S, using the CF card slot to boot from, although I'm not using the embedded version.

  • Multi-WAN Speed CAP?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    G

    Can someone lend a hand? It's kinda important.

  • How to allow OpenVPN traffic to come via Virtual IP

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How to set up a basic fail-rollover with 2 WANs

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    M

    That's normal as well. OPT1 could be a second LAN, thus the option to enable DHCP server on its side.

    Under Status -> Interfaces does it show the OPT1 status as UP? Have you set up a static IP and gateway, or has it autoconfigured those if you use DHCP to receive those settings?

    Should look something like this:

  • MOVED: squid with chosen gateway

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • SOLVED:Routing problem after changing interfaces

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Setting up small Inner office ISP

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    X

    How soon are you planning on implementing this?
    Also make sure you can resell your service (not all business Internet service can be resold or given away).

    Here's some sample rules. What you need to do are block and allow rules at the top, then a block all rule at the bottom. So you block them from accessing the other subnets:

    Proto  Source  Port  Destination   Port       Gateway  Schedule  Description
    *              *     all lan ips   *          *
                         but theirs

    and have it as a block rule, then another so they can't touch (access its management ports) the firewall (there's an interface on each LAN):

    Proto  Source  Port  Destination   Port       Gateway  Schedule  Description
    *              *     the ip of     ssh/https  *
                         the firewall  and http

    edit(accidentally tabbed to post)

  • Need help with routing a /24

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    3

    Hi Ryan,

    Don't know if you solved it already, but adding a third NIC and letting it have the /24 network should be enough for it to work - at least on other firewalls. Haven't tried it in pfSense.

  • Multi WAN - Multi LAN

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    I got my problem resolved.

    I couldn't understand why, when I used the original setup wizard, the primary WAN and LAN were able to route traffic through each other.

    Turns out, those rules are hidden by default.

    If you go to Firewall - NAT - Outbound
    and select Manual rule generation, all of these rules become visible.

    Also, one must define valid traffic rules under Firewall - Rules.

    And setting up a Virtual IP of type "alias" resolved my need for the second external ip address.

  • Load Balance can use all GW at same time

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.