Multi-WAN on single network card
-
That will work fine, just add each of those IPs as a gateway under System > Routing
You can set up gateway groups then for LB or failover as you like.
-
> That will work fine, just add each of those IPs as a gateway under System > Routing
It's good to know this should work! However at the moment I'm struggling so I'm probably doing something silly.
> You can set up gateway groups then for LB or failover as you like.
I have created a group, but don't see how to "use" it. At present it has my unlimited connection as Tier 1, and my static IP connection as Tier 2. Changing these around seems to make no difference to any outbound connections (that could be a caching issue - what's the best way to test? I have squid proxy installed too, so www.whatismyip.com may not be the best way to check?) I can control which is the gateway via Interfaces -> WAN -> Gateway, but that doesn't seem the right way to do it for a group?
The biggest problem is that I can't work out my port forwarding to get my email in from the connection which is not my default gateway. If I add it under Firewall -> NAT (as viewed from the overview the settings for If/Proto/Src. addr/Src. ports/Dest. addr/Dest. ports/NAT IP/NAT Ports are WAN/TCP///*/25 (SMTP)/192.168.51.10/25 (SMTP)) then it works when I set the gateway (as above) to my static IP connection, but not otherwise. I can see that the firewall is allowing the connection through, I can only assume that the routing back is not going back through the same connection it came in from? I don't see where I am supposed to control this?
Thanks for your help! I've got way further in my experiments with pfSense than with IPCop and others and I'm sure it's me doing something wrong.
PS: I'm running on the latest code as available today.
-
The port forwards may be a little harder to get right, since they really need a reply-to field set for the gateway of the static line. I don't recall if you can set that manually or not.
You use the gateway groups under firewall rules, just add rules for what you want and select the gateway. Check the multi-wan tutorials for more details.
-
> You use the gateway groups under firewall rules, just add rules for what you want and select the gateway. Check the multi-wan tutorials for more details.
This is where I get stuck.
The tutorials (that I've found anyway) expect me to set up different rules for my two WAN interfaces, but I only have one physical WAN interface on my pfSense box. This probably just means I need to create my firewall rules slightly differently, but I can't quite work out what to do and all my experiments so far have been wrong!
-
The firewall rules to direct outgoing traffic out specific WANs would be on LAN - just the gateway choice would be relevant.
-
> The firewall rules to direct outgoing traffic out specific WANs would be on LAN - just the gateway choice would be relevant.
I'm sorry, I'm sure I'm being thick, but I'm just not clear what you're saying.
I'm looking here:
http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing#Port_Forwarding_and_Applications.. where the port forwarding rules are split between WAN and OPT1WAN2, which I can make sense of, but don't have two WANs to work with.
-
Ah, well I was referring to outgoing traffic, not incoming.
What you might need to do is set up another virtual IP (CARP, Proxy ARP, or IP alias) on WAN to accept the incoming NAT requests from the second WAN, and have the second WAN router forward traffic to that VIP. Then you can use the VIP choices to distinguish between the WANs in the firewall rules, rather than by interface.
-
> What you might need to do is set up another virtual IP (CARP, Proxy ARP, or IP alias) on WAN to accept the incoming NAT requests from the second WAN, and have the second WAN router forward traffic to that VIP. Then you can use the VIP choices to distinguish between the WANs in the firewall rules, rather than by interface.
Thanks, I thought that might be a way to go.
I've done this and have rules set up specifically for incoming connections from my static IP. However they still only work if the static IP connection is my default gateway.
If I change the gateway in my firewall rule to anything other than "default" I lose my connection regardless of what my default gateway is.
-
Yeah I wondered if that might happen, what it really needs is a way to add a "reply-to" tag on the rules for that incoming traffic, but I don't think we have a manual way to do that.
-
> Yeah I wondered if that might happen, what it really needs is a way to add a "reply-to" tag on the rules for that incoming traffic, but I don't think we have a manual way to do that.
Is this something that would be on the "to-do" list?
I can work around it for now - pfSense is doing great things for me and I'd like to stick with it, ready to beta test the "reply-to" feature if it's coming!
Otherwise I could look at sticking an extra NIC into the box and doing things the "normal" way.
-
Not sure if that is on the to-do list for 2.0 or not, it isn't a scenario many people have gotten into yet since the functionality is still pretty new.
-
OK, it looks like I need to go down the extra NIC route.
Would there be any problem if both my WAN cards connected to the same network? E.g. set WAN1 as 10.0.0.254 and WAN2 as 10.0.1.254, configure my ADSL routers accordingly, but connect WAN1, WAN2, and both routers to the same switch?
The pfSense box is in a different room from the routers so the cabling implications otherwise are a bit of a pain!
-
As long as you hardcode those IPs, it should be OK for them to be in the same subnet as long as their gateways are different.
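-
The `reply-to` behaviour discussed earlier in the thread, sketched as a raw pf.conf fragment (pf is the packet filter underneath pfSense). This is an added illustration, not any poster's configuration and not pfSense-generated rules; the interface name, the gateway and VIP addresses, and the tag name are assumed, and only 192.168.51.10 and port 25 come from the thread.

```conf
# Added illustration with constructed values (single WAN NIC, two upstream routers).
wan_if     = "em0"            # assumed: the one physical WAN interface
gw_default = "10.0.0.1"       # assumed: router for the unlimited line (default gateway)
gw_static  = "10.0.0.2"       # assumed: router for the static-IP line
vip_static = "10.0.0.253"     # assumed: VIP the static-line router forwards SMTP to
mail_srv   = "192.168.51.10"  # mail server address from the thread

# Translation runs before filtering, so the filter rule only sees the
# rewritten destination ($mail_srv). Tag the connection here so the filter
# can still tell that it arrived on the static line's VIP.
rdr on $wan_if inet proto tcp from any to $vip_static port 25 \
    tag VIA_STATIC -> $mail_srv port 25

# Without reply-to (the behaviour described in the thread): the connection is
# allowed in, but the server's replies follow the routing table and leave via
# $gw_default, so the remote mail server never sees them from the static IP.
# pass in quick on $wan_if inet proto tcp from any to $mail_srv port 25 tagged VIA_STATIC keep state

# With reply-to: every reply on this state is handed to $gw_static on the
# same interface, whichever gateway is currently the default.
pass in quick on $wan_if reply-to ($wan_if $gw_static) inet proto tcp \
    from any to $mail_srv port 25 tagged VIA_STATIC flags S/SA keep state
```

To check which router the replies actually leave through, capture on the WAN interface with link-level headers (`tcpdump -e -n -i em0 tcp port 25`) and compare the destination MAC address of the outgoing packets with each router's MAC.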