Netgate Discussion Forum

Dual wan single lan with 2 servers behind NAT

Routing and Multi WAN
  • B
    bob76535
    last edited by Dec 16, 2009, 4:21 PM

    I need to replace another failing (dlink) router in our office. We have killed 5 routers (of various flavors) in 3.5 years. We have two 6M down/1M up DSL connections with static IPs as we used to have 2 webservers in the office but we finally got one moved off port 80. Now that we don't have the 2 servers on 80 complicating the situation we are looking to go to a dual WAN router setup with BOD/LB and failover capability. The current situation is not providing us enough bandwidth for the users on WAN1 and since some are not wireless or need print/fileshare connections they are stuck there. The laptop users can jump to WAN2 when WAN1 is down or saturated if they don't need to print/fileshare but that leaves them hopping back and forth between networks and leaves the wired users in the dark during an outage. I have a Draytek 3300v which does what we need but I would rather keep that for another adventure (boss can't afford to buy it and we don't need VOIP anyways). We have discussed building a pfsense solution to handle this. I have read the 2 tutorials and the various posts on this but I thought it would be best to run my plan by the forum to make sure it's sound and I am not overlooking anything.

    Here is what I want to set up:

    Wan1 -> Bridged PPPoE DSL modem with static IP of 216.99.123.456 -> Intel 100M NIC #1 on pfsense box

    Wan2 -> Bridged PPPoE DSL modem with static IP of 216.99.234.567 -> Intel 100M NIC #2 on pfsense box

    (both connections are from the same ISP but the IPs are not sequential if that matters)

    The pfsense box will have an Intel GB NIC connected to a GB switch which will feed the LAN

    There will be a single LAN (192.168.1.0/24) with the following:

    Server 1 -> requires 80, 443, 21, 3389, 3306, 8181 all to be forwarded to this box's internal static 192.168.1.x IP from the static IP of WAN1

    Server 2 -> requires 8080, 53, 3391 all to be forwarded to this box's internal static 192.168.1.y IP from the static IP of WAN2

    Workstation1 -> requires 3393 to be forwarded to this box's internal static 192.168.1.z IP from the static IP of WAN2

    Workstation2 -> requires 3395 to be forwarded to this box's internal static 192.168.1.m IP from the static IP of WAN2

    etc, etc.

    I realize that the port forwarding will fail on whichever connection goes down and that's fine.

    14 devices with static IPs (desktops, printers, NAS, company WAP, guest WAP, syslog server, etc)

    7 laptops that will need a DHCP address assigned to them but need to use the same internal IP address every time (our current router does this by MAC address - not for port forwarding just for tracking purposes).

    I will set up the pools and such as per the tutorials.

    Have I missed anything or am I asking pfsense for something unrealistic?

    Thanks

    Bob

    • S
      SeventhSon
      last edited by Dec 21, 2009, 10:46 PM

      This is pretty much what I have running (multiple clients, multiple servers, dual wan, behind NAT).

      @bob76535:

      (both connections are from the same ISP but the IPs are not sequential if that matters)

      Only thing that could be confusing: if both links are on the same subnet/router. The rest should be no problem for pfSense.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.