PFsense with Syswan SW88 Multi Wan Router in front

dschmid

Hello, I'm planning in Installation with seven 16000 DSL Lines. It's important that I can use Squid and Snort and probably Captive Portal on my Pfsense Box. So doing the Multi WAN Load Balancing/Failover Stuff on the Pfsense Box is no option. So I searched the Internet and found this Syswan Router for about 650 Bugs with up to 8! Wan Ports. The most Solutions I found only have 4 Ports for Wan or are much much more expensive. The Solution should look like this:

Has someone running a similar solution running doing Dual or Multi Wan on an other Box. I appreciate any hint and tip for setting up such a solution.

Guest

You would be far better served to use pfSense as your router/firewall, and offload snort and squid to separate boxes.

GruensFroeschli

Yeah this was my first thought too.
If you're already going to have 2 boxes, why not 2x pfSense?
Or pfSense for loadbalancing and another system for snort/squid if you cannot get it to run on pfsense.

dschmid

Hello, I only got an small IBM ThinkCenter as pfsense box and I have to connect seven DSL Modems to it. But I only got one nic for my internal and one for my wan. Is it possible to connect the modems to a switch wich supports vlan?

Perry

yes they just need to have a different gateways
http://pfsense.site88.net/mysetup/index.html

GruensFroeschli

Yes.
Or if the modems are in NAT/routing mode you could even have all their LANs in a single subnet and modify the config.xml manually so you balance between the LAN-IP's of the modems.
–> Different gateways as perry said.

[WAN] [WAN] [WAN] [WAN] [WAN] [WAN] [WAN]
Modem Modem Modem Modem Modem Modem Modem
| 172.17.10.2/24 | 172.17.10.4/24 | 172.17.10.6/24 |
[LAN] [LAN] [LAN] [LAN] [LAN] [LAN] [LAN]
172.17.10.1/24 | 172.17.10.3/24 | 172.17.10.5/24 | 172.17.10.7/24
| | | | | | |
| | | | | | |
–-----------------------------------------------------------------------------
switch
|
|
|
|
|
[WAN] 172.17.10.100/24
pfSense
[LAN] 10.0.0.1/24
|
|
|
clients

dschmid

The problem I've got is that I can't enable dmz on the cheap modem routers from the provider or can I forward all ports 1-65535 tcp/udp to the pfsense box?

GruensFroeschli

@dschmid:

Or can I forward all ports 1-65535 tcp/udp to the pfsense box?

Yes.
I have to do that on my modem at home too because it's a piece of shit (never came around to buy a better modem ^^" )

dschmid

OK I try this this weekend. Thank you very much.

dschmid

Sorry I forgot to ask how to insert the different gateways into the config.xml and activate Load Balancing.

GruensFroeschli

1: Create a balancing pool and add a dummy-entry.
2: Download the config.xml and find the part with the info you add.
3: Copy/Paste your dummy entry and fill in the real gateway/monitor IPs.

As monitoring IP use one of the immediate hops on your ISP's side.
You cannot have the same monitoring IP for different WANs.

4: Restore the config.xml.

Now your manually added infos should show up.