Multiple WAN with one ethernet interface?

sai

you will not be able to use load balancing if all your WAN ip addresses are in the same subnet. If you get provate ip addresses in different subnets from the modems then you will be able to load balance properly

Perry

Let's say your nic is em0 then it will be the parent of all your vlan nic's and all the nic's you'll be using.
physical nic name -> vlan ID -> nic name -> your custom easy to remember name :)
em0 -> vlan tag ID 11 -> vlan0 -> wan
em0 -> vlan tag ID 22 -> vlan1 -> lan
em0 -> vlan tag ID 33 -> vlan2 -> opt1 (wan2)
em0 -> vlan tag ID 44 -> vlan3 -> opt2 (wan3)
em0 -> vlan tag ID 55 -> vlan4 -> opt3 (wan4)

Also, can any additional free ports on the switch be used for LAN (and remain behind the firewall)?

yes
port 5 is a member of vlan tag ID 11
port 3,4 and 7 is a member of vlan tag ID 22

paperkut

@sai:

you will not be able to use load balancing if all your WAN ip addresses are in the same subnet. If you get provate ip addresses in different subnets from the modems then you will be able to load balance properly

I think I may be able to do NAT on the modems, so I can assign IPs in different subnets to each port on the switch… will this do the job?

Perry, thanks for the explanation! It makes much more sense now, but I'll probably be back once I've got all the hardware.

Now for the hardware.. I'm thinking a mini-itx board would be best because of the compact form factor, but it's hard to come by one with a gigabit LAN port and stay inexpensive. They also come with all the bells and whistles I don't need..

Edit: hmm, these ALIX boards are rather appealing, any idea how much throughput they can support?

Perry

I think I may be able to do NAT on the modems, so I can assign IPs in different subnets to each port on the switch… will this do the job?

Yes

Now for the hardware.. I'm thinking a mini-itx board would be best because of the compact form factor, but it's hard to come by one with a gigabit LAN port and stay inexpensive. They also come with all the bells and whistles I don't need..
Edit: hmm, these ALIX boards are rather appealing, any idea how much throughput they can support?

http://forum.pfsense.org/index.php?action=search keywords throughput +alix.
Pro: very little power usages, nice little box
Con: no packages can be installed, no extra pci slot

The Intel Atom based mini ITX board with a Intel PRO 1000 GT (On board nic not supported) would give more speed. But i don't have any data on throughput and power usages.

blak111

What kind of cable modem will it be? Most of the cable modems are strictly layer 2 bridges and lack the capability to implement NAT. The only Surfboard that supports it is their all-in-one access point, router, cable modem (SBG900).

paperkut

I think I'll need to compromise either gigabit LAN or low power usage (and small form factor), this is because I need the PCI slot for a wireless card (if miniPCI is unavailable like on the mini-ITX boards)

Con: no packages can be installed, no extra pci slot

All the Alix boards allow you to substitute CF Microdrives, on which you can do a full pfSense install. The Alix1c has a PCI slot (albeit a riser is needed) which I can use for gigabit LAN.. so it just might be the ticket. The alix3c2 would be the best board because of its tiny form factor, but it's got no PCI (it does have two miniPCI slots though.. miniPCI gigabit LAN anyone?)

The Intel Atom based mini ITX board with a Intel PRO 1000 GT (On board nic not supported) would give more speed.

I checked those out and I came across this, I'm guessing I could use a dual riser to get a wireless card and the Pro 1000 GT.. but I'm not sure how well they'd both work from one PCI port. There was also this, Dual gigE Realtek 8110SC ports.. how do you think those would compare against an Intel Pro 1000 GT? These boards look nice but the cons I can think of are: large case, high power usage.

So at the end of the day I think I'll go with the Alix1c. The Alix3c2 is smaller, but its got no scalability (no gigE port/PCI slot). I could probably spec those mini-itx machines pretty cheaply too, but I've listed the cons.

What kind of cable modem will it be? Most of the cable modems are strictly layer 2 bridges and lack the capability to implement NAT. The only Surfboard that supports it is their all-in-one access point, router, cable modem (SBG900).

You're right, I've actually got a few cheap routers lying around here and I was going to hook each one up to the modems and put them in a DMZ, then do NAT from there.

I've got one more question regarding the IP configurations of the entire setup. If I'm getting this right, would this be a feasible setup:
6 modems/routers - each one connected to a port on the switch. The IP on each port would then be something like 192.168.10.1, 192.168.11.1, 192.168.12.1.. etc. The switch itself would have an IP 192.168.1.2 and the pfSense firewall would be on 192.168.1.1.. is this correct or am I completely off?

Thank you for your input so far.

Perry

The vesa kit with wireless sound like a good start. You can always buy a giga card later on.
As your network only contains 1 lan net a better enhancement in the further could be a giga switch, so data transfer between clients can go faster. pfSense -> vlan switch -> giga switch

I've got one more question regarding the IP configurations of the entire setup. If I'm getting this right, would this be a feasible setup:
6 modems/routers - each one connected to a port on the switch. The IP on each port would then be something like 192.168.10.1, 192.168.11.1, 192.168.12.1.. etc. The switch itself would have an IP 192.168.1.2 and the pfSense firewall would be on 192.168.1.1.. is this correct or am I completely off?

You could keep wan's & lan net's more visible separated, wans 10.0.10.1, 10.0.11.1 etc. and lan 192.168.1.1.
I also like to keep the switch on it's own net as i did in the guide.

AndrewBorem

I am not sure if you have purchased any hardware yet, but I have had reasonable success with a setup from jetway, that I purchase off of newegg.  I can put one of these boxes together for just under 300, shipped.  (this includes 1GB of RAM, a WAY too big 80GB HDD [that is the cheapest size at this point] and a 1.5 ghz C7 VIA processor.)  Let me post some links so you can see.

Case:  http://www.newegg.com/Product/Product.aspx?Item=N82E16811154084
Extension cable (for inside the case): http://www.newegg.com/Product/Product.aspx?Item=N82E16811154084
Mobo+proc:  http://www.newegg.com/Product/Product.aspx?Item=N82E16813153062
RAM: http://www.newegg.com/Product/Product.aspx?Item=N82E16820144151
HDD: http://www.newegg.com/Product/Product.aspx?Item=N82E16822210003
CD/DVD drive: http://www.newegg.com/Product/Product.aspx?Item=N82E16827106086

Total price:  (sans shipping)  233.94

If you are continental US it shouldn't be more than 25 dollars to ship.

(note, the mobo has two gig nics integrated.)

crashnburn

I need to figure out a set up like this.

paperkut

I'm hesitant to purchase one of those mini-itx setups mainly due to the size. The Alix board is perfect for me and I realized I probably won't be maxing it at 100mbit regardless, so theres no point worrying about gigabit lan.

I haven't purchased any equipment yet, will do in a week or two once I'm back in the states.

jhendra

to Perry the link of my setup was cannot be open…
thanks

jhendra

i wanna tell if the link that Mr.Perry give to step by step configuration HP 1800-8G switch is cannot be open… is there any other links to that?
thanks

Perry

link fixed