5 WAN on 3 Interface. How?
-
Hi everyone,
I'm Roberto.
I would like to use 5 wan router on my firewall which only has 3 nic interface for wan use thoughmy scenario is as follows:
my router owns 4 Nic interfaces
1 for LAN 192.168.200.0/21
2 for WANGW 172.21.71.2 GW 172.21.71.1
3 for OPT1GW 172.22.71.2 GW 172.22.71.1
4 for OPT1GW 172.23.71.2 GW 172.23.71.1My problem is that I have 2 other wan routers 172.24.71.2 and 172.25.71.2 respectively with GW 172.24.71.1 and GW 172.25.71.1
I tried to configure them by putting them on the same external switch together with OPT1GW as Virtual IP, I can ping their GWs but not ping outside on the internet.
Could someone please help me?Thanks
Roberto
-
@befree2
What's the sense of these IPs? They are all private IPs. Do each IP nat the traffic to a public one?I can ping their GWs but not ping outside on the internet.
Did you state the gateway in the interface settings on pfSense?
Does the router nat the traffic properly? -
@viragomann
Hi and thank you for replying.Yes, each ip on each router, nat to public IP addresses. (My isp provide it in that way, I can't use public ip address)
Yes, I state all gateways for each Interface. my question is how do I configure the other 2 routers not having nic interfaces?
If think the NAT is OK, I mean say, for the 3 Wan is working.I tried to use Virtual IP in CARP mode, for 172.24.71.1 and 172.25.71.1 I can ping the gateway but It won't go on internet
If you want, I could get you into the pfsense remotely to check it outSorry for my bad English.
Roberto
-
@befree2 How I would do it.. As long as these IPs from the different wan routers do not overlap.
Get a cheap 8 port smart switch.. run your isp routers into this switch on different vlans. Setup the vlans on on pfsense ..
You end up with say this.
I mean the better option would be to get a better router with more interfaces. But you can pick up a 8 port gig smart switch that can do vlans and lagg for like $40
Your vlans would be untagged going to the isp devices, and tagged going into pfsense. Setup the vlans on your lagg you setup. Easy Peasy Lemon Squeazy ;)
If your total bandwidth with all your isp isnt over gig, you could just get by with 1 port connected to pfsense from your switch with the vlans on it.
-
@befree2 said in 5 WAN on 3 Interface. How?:
I can't use public ip address
That's bad. pfSense could handle the public IPs quite well.
But with your setup you need to have each gateway (public IP) on an separate interface on pfSense, because there can naturally only be one gateway for the default route per interface.So the solution for your setup is to get a an VLAN capable switch as @johnpoz already illustrated very nice.
-
First of all, many thanks @virgomann and @johnpoz for answering me and giving me great solutions
I am not very familiar with Vlan but I will make it.
I will use one port on pfsense while on the switch (vlan support) I will use 3 ports.
Just long enough to find a suitable switch, I believe the netgear gs308t should go and I'll let you know.
In the meantime, many many thanks -
I'm starting to see how to configure interfaces. So is that correct?
-
@befree2
Yes, the VLANs are ok.
But some cheap switches cannot properly separate networks, when running tagged and untagged traffic on the same port. So you should better also turn the existing TIM1 on em3 network port into a VLAN. -
@viragomann
Ok I will VLAN 4 TIM1 -
@viragomann said in 5 WAN on 3 Interface. How?:
when running tagged and untagged traffic on the same port.
What switch is this - tplink has had issues with vlans for sure, not able to remove vlan 1 in the past.
But in all my years in networking have never seen an issue where you couldn't run a native vlan, ie untagged along with tagged vlans. Now you can only run 1 untagged vlan that is for sure. But you should be able to run 1 untagged vlan with other tagged vlans.
But in such a setup I would prob just run them all tagged. I don't see any advantage of running a native vlan in such a setup.
But sure if he had say a 5 port switch he could run run some of his wan into pfsense native, and then run the extra ones into a switch and tagg the traffic into 1 pfsense interface, etc.
Personally if was me, I would just get a better router with more interfaces ;) But if couldn't do that and I had to do such a setup.. I would do it as drawn with the lagg and the vlans over the lagg. This gives you most through put to any of the wan routers..
I really don't understand such a setup - I could see 2 wan, or maybe even 3 in ultimate failover sort of setup.. But I am curious to why anyone would want/need 5 different wan providers.. My "guess" is providers don't have away to bring in the bandwidth required on 1 line.. So have to have multiple lines.. If that is the case, then lagg on pfsense gives highest possible physical interface bandwidth that could be shared across the 5 wan connections.. So in theory you could hit 3gig.. Assuming that is the pfsense wan interfaces are gig ;)
-
@johnpoz
Hi,
first of all thank you for you help.
So, if Im not wrong I will setup pfsense as follow:em3 interface should be turn in lagg mode with the 3 vlans
and the netgear gs-308t seems to be the right one
https://www.netgear.it/support/product/gs308t.aspx
Once I get the switch at home I will setting up with untagged and tagged port ,
I will keep you informed if you don't mind.
Bye
Roberto -
@befree2 said in 5 WAN on 3 Interface. How?:
https://www.netgear.it/support/product/gs308t.aspx
Yeah that will do vlans and lagg, but for a lagg you need more than just 1 interface..
https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html
If your just going to use 1 interface, then no lagg would be setup and you would just setup vlans on it.
-
@johnpoz
Good morning. Ok, I will do it with no LAGG at the moment.
Thank you very much -
Hi,
everything is working fine now!!!
Here is the scenario after the Vlan were created
I did not create a LAGG because the switch they gave me doesn't support. That's why the LAGG port is still available.
Thank you everyone for supporting me.Bye
Roberto -
@befree2 said in 5 WAN on 3 Interface. How?:
the switch they gave me doesn't support.
And what switch is that? You said you were getting a gs308T which clearly supports lag per its manual
https://www.downloads.netgear.com/files/GDC/GS308T/GS308T_GS310TP_IG_EN.pdf
From what you posted - you have your vlans on a lag - with what 1 port? If your not going to use lag I would remove putting your vlans on it.. And just put the vlans on em3..
-
Hi.
I know but the client provide a GS108E ..... -
@befree2 well if the total bandwidth available from these 5 connections is less than gig - still seems crazy to me then it not really a problem.
Out of pure curiosity - why do they have 5 connections? Is there limit on what 1 connection can provide in form of bandwidth?
-
@befree2
Yes there is. ISP cannot provide a single connectivity and that's why we join all routers..
On pfsense I have set LOAD BALANCE to get more bandwidth and fail over as well -
Hi.
I got the GS308T Switch !!
What Should I create first the LAG o Vlan? I'would like to set port 1to 6 as Vlan3,4,5,6,7 and 8.
What LAGG ports to pfsense assuming that port 8 should be connected to PFsense wan port?
I'm struggling with that. Hope you can help.
In case we can use teamviewer ...
ThanksRobin
-
@befree2 unless your total bandwidth from the internet lines is over 1 gig, I would just go with no lagg - lagg adds complexity. I am a huge fan of the KISS principle (Keep it Simple Stupid) hehehe
Thought you said it was working with your other switch that didn't do lagg? Were you not seeing the full bandwidth your different isp lines can provide?
https://en.wikipedia.org/wiki/KISS_principle
Maybe because it originated in the Navy, and I'm ex-navy.. That was a bit before my time ;) but was still a saying when I was in during the 80s and 90s
