Multi wan and multi lan config

tommyboy180

Hey Tolitz,
I do not have a direct answer for your situation however I have a suggestion to help you find your answer.
When I was putting my network together I couldn't find the best way to put everything together. Instead of creating down time I tested everything out on a VM. I was able to get exactly what I wanted by just messing around with the config and network setup.

I know its not an answer but it's what helped me.

Tolitz

hi tommyboy,
i tried the instructions from http://doc.pfsense.org/index.php/Special:Search?search=loadbalance&go=Go
i have another pfsense box and have been trying out the configs on this one but when i turned of the modem for my internet connections the fail over doesnt kick in.
thanks

tommyboy180

While I try to find a more suitable answer for you take a look at http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_the_pools
The example shows you how to setup fail over and load balancing. You can apply the same thing in your case but with 3 WANs.

With this example you should be able to setup fail over (WAN1 to WAN2 | WAN2 to WAN3 | WAN 3 to WAN1)
Setup an outbound rule that forces your server to use WAN1's Gateway. This should get you started.

Tolitz

ok, i will try it. let you know what happens.
thanks

Tolitz

hey tommyboy,
got the failover working now…. still have to do the LAN1 <> LAN2 access as well as having LAN2 servers be access over the internet using NAT / public IPs.
thanks.

tommyboy180

Good.
Okay to get different trusted networks to be able to talk (Your LAN1 and LAN2) we have to make a firewall exception. Attached below are my firewall rules to get my LAN1 and LAN2 to be able to 'talk'. Let me know if this helps.

As you can see my first rule on each network is to allow all traffic to the other network.

lan-to-lan2.JPG_thumb

lan2-to-lan1.JPG_thumb

Tolitz

i think i got it, you just made the other lan internet traffic go to your other wan,
thanks.
:)

Tolitz

I got the LAN2 and LAN1 to access its other.
I am just wondering why when I am on LAN2 subnet I cannot ping the LAN2 interface (192.168.1.1) but can ping the LAN1 interface (192.168.2.1)?
Any ideas?

tommyboy180

Hmm. By any chance is ICMP Protocol not included in your firewall exception?

Tolitz

no, my rules are any ports
LAN1 IP = 192.168.1.1
LAN2 IP = 192.168.2.1

when I am on LAN1 i cannot ping 192.168.2.1 (LAN2 IP) and even when I on LAN2, I cannot ping 192.168.2.1
but on either LAN1 or LAN2 I can ping 192.168.1.1 (LAN1 IP)

any ideas?

tommyboy180

Can you ping LAN2 hosts from LAN1 or is it just the LAN2 Gateway that does not respond?

Tolitz

LAN1 (any host) to LAN2 pfsense interface and hosts - ping ok
LAN2 (any host) cannot ping pfsense LAN2 interface but can ping LAN hosts.

Only when I am in LAN2 that I cannot ping the LAN2 gateway (pfsense interface LAN2 IP)

any other hosts can ping both LAN1 and LAN2 pfsense interface