Dual wan and dual subnet investigation

Rimsey

Hi, I don't actually use pfsense yet (waiting for my dual interface nics to arrive).

I am new to Linux, openBSD, FreeBSD but really looking forward to my first dabble with it.

The reason I wan't to use/try pfsense is I have a 2 internet connection setup something like below that i would like to move to a single box.

PC1
PC2 –> Router 1 (subnet 192.168.1.0) --> 10 meg connection (modem 1)
PC2
..

Server1
Server2 --> Router 2 (subnet 192.168.2.0) ---> 10 meg connection (modem 2)

Router 1 has ip address is 192.168.1.100 and and IP alias of 192.168.2.100
Router 1 has ip address is 192.168.2.200 and and IP alias of 192.168.1.200

This allows cross communication between subnets e.g 192.168.1.1 can talk to 192.168.2.5. e.g the PCs can administer the servers when needed.

Also with the IP alias if one of the connections goes down say modem 2, then I can simply change the gateway on the server to point to the moden 1 gateway and all is fine. (sort of a manual backup).

So basically 2 routers on different subnets, both connected to separate modems. I need to be able to surf through either gateway by changing the ip gateway on the pc or server. All pcs and servers should be able to communicate with each other across the subnets.

I don't need any sort of load balancing at all.

---

I have seen that pfsense will aloow me to use a dual wan, but will it let me achieve the other requirements for my network?

If so ... how? as i have read on the forums that VIPS interface alias is not available yet?

I would really appreciate any help I can get on this .... so thanks in advance for any answers.

Come on..... convert this MS man  ;)

hoba

Add a nic for each of your internal subnets or even place all machines in the same subnet. You can use policybased routing to send single IPs, ports, … to different gateways. It's rather easy. Just have a look at the firewallrules where you can specify a gateway per rule at the bottom.

Rimsey

I can't use the same subnet for the server as they are MS servers with 2 nics in each machine. One nic for internet access (heavy load ftp etc) and another nic for local pc access (media server). To accomplish this on ms servers you need each nic on a separate subnet.

Will firewall rules help? How will they help talking across subnets?

thanks for the reply

hoba

Then just build 2 internal subnets and allow traffic between them (you need 2 internal nics and 2 external nics in the pfsense then).

Rimsey

@hoba:

Then just build 2 internal subnets and allow traffic between them (you need 2 internal nics and 2 external nics in the pfsense then).

Tried but cant get the subnets to talk to each other….. could you expand a bit more on "Then just build 2 internal subnets and allow traffic between them"

e.g how do you do that?

thanks

hoba

You need to add pass rules at both interfaces to allow traffic from one subnet to the other and viceversa (depending how you want this to work, maybe pass any rules would be the easiest to start with)

Rimsey

I did that but still no go.  :(

hoba

Please post your firewallrules. There must be something missconfigured.