Netgate Discussion Forum
    MultiWan, Bridged Modems and Outbound NAT

    2.0-RC Snapshot Feedback and Problems - RETIRED
    m4rcu5

      Hi,

      I am struggling to get my setup working properly and I was hoping for some help.

      My setup:

      WAN01<-->Modem01 (10.0.0.1)<-->pfSense(DHCP)<-->LAN
      WAN02<-->Modem02 (10.1.0.1)<-->pfSense(DHCP)<-->LAN

      I have configured a failover gateway group and assigned that to the default LAN rule.

      Now I would like to reach the 2 modems that have internal IPs on the WAN side. pfSense has a dynamic external IP on both of the interfaces, so I think I would need virtual IPs and outbound NAT.
      This is the point where I got stuck. I don't exactly know which kind of IP and what to set in the Outbound NAT screen. I also think there will be some fw rules involved (am I correct?) so that the traffic for wan02 (the failover) is always sent through the right gateway and not through the failover?

      Could someone help me figure out the right way to make this setup work? I would be very thankful!

      grtz, Marcus

      m4rcu5

        Maybe I placed it in the wrong section; it could be better under routing.
        But does nobody here know this kind of routing? I tried it again last night and with all my logic it seems correct, and I can ping it from pfSense, but not from the LAN.

        jimp (Rebel Alliance Developer, Netgate)

          If you're using 2.0, everything goes under the 2.0 board and not the more specific ones, at least until it's released :-)

          You don't need anything fancy to reach those modems. Just add a firewall rule to the top of the LAN rules that will match them as a destination, but does not have a gateway set.

          You can't get there now because your gateway group is bypassing the normal routing, and could be sending the requests out of the "wrong" interface (e.g. going out WAN2 to reach WAN1's modem) since using a gateway on a rule bypasses the normal routing table.

          m4rcu5

            Okay got it working now.
            It was indeed the firewall rule that killed it all.

            For others looking into this, I had to do the following.
            1. Add an interface alias to the NIC with an IP on the modem's LAN range (e.g. 10.0.0.6/29).
            2. Set outbound NAT to advanced and add a rule to send any traffic with the modem's LAN range as destination (e.g. 10.0.0.0/26) through the virtual IP.
            3. Add another outbound NAT rule to let the normal traffic (any) with destination any go through the interface's default IP.
            4. Add a firewall rule to make traffic for the internal range (10.0.0.0/29) use the default gateway instead of the FailOver.

            The settings now look like this:
            Virtual IP:
            Virtual IP address   Type        Description
            10.177.255.254/20    [IP Alias]  M01 Subnet
            10.0.0.6/29          [IP Alias]  M02 Subnet

            Outbound NAT:
            Interface  Source  Source Port  Destination      Destination Port  NAT Address     NAT Port  Static Port  Description
            WAN        any     *            10.177.240.0/20  *                 10.177.255.254  *         NO           Outbound for M01
            WAN        any     *            *                *                 *               *         NO           Default Outbound WAN01
            WAN02      any     *            10.0.0.0/29      *                 10.0.0.6        *         NO           Outbound for M02
            WAN02      any     *            *                *                 *               *         NO           Default Outbound WAN02

            Firewall Rules:
            ID  Proto  Source     Port  Destination      Port  Gateway   Queue  Schedule  Description
                *      GREEN net  *     10.177.240.0/20  *     *         none             Modem 01 Route
                *      GREEN net  *     10.0.0.0/29      *     *         none             Modem 02 Route
                *      GREEN net  *     *                *     FailOver  none             Default allow LAN to any rule

            I hope I helped someone else by posting it ;)

            grts, Marcus

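To make the ordering point concrete, here is an added Python model of the two evaluation steps that decide where a LAN packet leaves the box: first-match LAN rules (where a rule with a gateway set forces the egress interface and skips the routing table, as jimp explains) and then first-match outbound NAT on that egress interface. It is not pfSense code and not from the thread; it replays Marcus's posted rule and NAT tables against constructed, placeholder public addresses for the two WANs (203.0.113.10 and 198.51.100.20), and also shows the broken order where the FailOver rule sits on top.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# --- Constructed sample state; the public WAN addresses are placeholders, not from the thread ---
INTERFACES = {
    "WAN":   {"address": "203.0.113.10/24",  "vips": ["10.177.255.254/20"]},
    "WAN02": {"address": "198.51.100.20/24", "vips": ["10.0.0.6/29"]},
}
# A gateway group resolves to whichever member is currently active (WAN under normal conditions).
GATEWAY_GROUPS = {"FailOver": "WAN"}


@dataclass
class Rule:
    destination: str            # CIDR or "any"
    gateway: Optional[str]      # None = use the routing table; else a gateway/group name
    description: str


@dataclass
class NatRule:
    interface: str
    destination: str            # CIDR or "any"
    nat_address: Optional[str]  # None = interface address ("*" in the GUI); else a VIP
    description: str


# Marcus's working order: modem routes without a gateway first, policy-routed default last.
RULES_OK = [
    Rule("10.177.240.0/20", None, "Modem 01 Route"),
    Rule("10.0.0.0/29", None, "Modem 02 Route"),
    Rule("any", "FailOver", "Default allow LAN to any rule"),
]
# The original situation: the gateway rule is on top and matches everything first.
RULES_BROKEN = [RULES_OK[2], RULES_OK[0], RULES_OK[1]]

NAT_RULES = [
    NatRule("WAN", "10.177.240.0/20", "10.177.255.254", "Outbound for M01"),
    NatRule("WAN", "any", None, "Default Outbound WAN01"),
    NatRule("WAN02", "10.0.0.0/29", "10.0.0.6", "Outbound for M02"),
    NatRule("WAN02", "any", None, "Default Outbound WAN02"),
]


def _matches(cidr: str, ip: ipaddress.IPv4Address) -> bool:
    return cidr == "any" or ip in ipaddress.ip_network(cidr, strict=False)


def routing_table():
    """Connected routes from every interface address and VIP, plus a default route via WAN."""
    routes = []
    for name, cfg in INTERFACES.items():
        for addr in [cfg["address"]] + cfg["vips"]:
            routes.append((ipaddress.ip_network(addr, strict=False), name))
    routes.append((ipaddress.ip_network("0.0.0.0/0"), "WAN"))
    return sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)  # longest prefix first


def select_egress(dst: str, rules, groups=GATEWAY_GROUPS) -> str:
    """First matching LAN rule wins; a gateway on the rule bypasses the routing table."""
    ip = ipaddress.ip_address(dst)
    for rule in rules:
        if _matches(rule.destination, ip):
            if rule.gateway is not None:
                return groups[rule.gateway]      # policy routing: forced out that gateway's interface
            for net, iface in routing_table():
                if ip in net:
                    return iface                 # normal longest-prefix lookup
    raise LookupError("no rule matched")         # pfSense's implicit default is deny


def apply_outbound_nat(iface: str, dst: str, nat_rules=NAT_RULES) -> str:
    """First matching outbound NAT rule on the egress interface picks the translated source."""
    ip = ipaddress.ip_address(dst)
    for nr in nat_rules:
        if nr.interface == iface and _matches(nr.destination, ip):
            if nr.nat_address is None:
                return str(ipaddress.ip_interface(INTERFACES[iface]["address"]).ip)
            return nr.nat_address
    raise LookupError("no outbound NAT rule matched")


def forward(dst: str, rules, groups=GATEWAY_GROUPS):
    """Return (egress interface, translated source address) for a LAN packet to dst."""
    iface = select_egress(dst, rules, groups)
    return iface, apply_outbound_nat(iface, dst)


if __name__ == "__main__":
    for label, rules in (("working order", RULES_OK), ("broken order", RULES_BROKEN)):
        for modem in ("10.177.240.1", "10.0.0.1"):
            print(f"{label:13} -> {modem:14} leaves via {forward(modem, rules)}")
```

With the broken order, a packet for Modem02 (10.0.0.1) is pushed out WAN with the WAN public address as source, so the reply can never come back; with the group failed over to WAN02 the same thing happens in the other direction for Modem01. With the no-gateway rules on top, each modem's subnet is reached over its own interface and sourced from the matching IP alias, exactly as the posted tables intend.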
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.