Netgate Discussion Forum
MultiWan, Bridged Modems and Outbound NAT

2.0-RC Snapshot Feedback and Problems - RETIRED
  • M
    m4rcu5
    last edited by Jul 19, 2010, 7:51 PM

    Hi,

    I am struggling to get my setup working properly and I was hoping for some help.

    My setup:

    WAN01<-->Modem01 (10.0.0.1)<-->pfSense(DHCP)<-->LAN
    WAN02<-->Modem02(10.1.0.1)<-->pfSense(DHCP)<-->LAN

    I have configured a failover gateway group and assigned that to the default LAN rule.

    Now I would like to reach the 2 modems that have internal IPs on the WAN side. pfSense has a dynamic external IP on both of the interfaces, so I think I would need virtual IPs and outbound NAT.
    This is the point I got stuck. I don't exactly know which kind of IP and what to set in the Outbound NAT screen. I also think there will be some fw rules involved (am I correct?) so that the traffic for wan02 (the failover) is always sent through the right gateway and not through the failover?

    Could someone help me figure out the right way to make this setup work? I would be very thankful!

    grtz, Marcus

    • M
      m4rcu5
      last edited by Jul 21, 2010, 7:40 AM

      Maybe I placed it in the wrong section; it could be better under routing.
      But does nobody here know this kind of routing? I tried it again last night and with all my logic it seems correct, and I can ping it from pfSense, but not from the LAN.

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Jul 21, 2010, 2:44 PM

        If you're using 2.0, everything goes under the 2.0 board and not the more specific ones, at least until it's released :-)

        You don't need anything fancy to reach those modems. Just add a firewall rule to the top of the LAN rules that will match them as a destination, but does not have a gateway set.

        You can't get there now because your gateway group is bypassing the normal routing, and could be sending the requests out of the "wrong" interface (e.g. going out WAN2 to reach WAN1's modem) since using a gateway on a rule bypasses the normal routing table.

        • M
          m4rcu5
          last edited by Jul 22, 2010, 4:28 PM

          Okay, got it working now.
          It was indeed the firewall rule that killed it all.

          For others looking into this, I had to do the following.
          1. Add an interface alias to the NIC with an IP on the modem's LAN range (e.g. 10.0.0.6/29).
          2. Set outbound NAT to advanced and add a rule to get any traffic with the modem's LAN range as destination (e.g. 10.0.0.0/26) through the virtual IP.
          3. Add another outbound NAT rule to let the normal traffic (any) with destination any go through not interface default IP.
          4. Add a firewall rule to get traffic for the internal range (10.0.0.0/29) to use the default gateway instead of the FailOver.

          The settings now look like this:
          Virtual IP:
          Virtual IP address   Type        Description
          10.177.255.254/20    [IP Alias]  M01 Subnet
          10.0.0.6/29          [IP Alias]  M02 Subnet

          Outbound NAT:
          Interface  Source  Source Port  Destination      Destination Port  NAT Address     NAT Port  Static Port  Description
          WAN        any     *            10.177.240.0/20  *                 10.177.255.254  *         NO           Outbound for M01
          WAN        any     *            *                *                 *               *         NO           Default Outbound WAN01
          WAN02      any     *            10.0.0.0/29      *                 10.0.0.6        *         NO           Outbound for M02
          WAN02      any     *            *                *                 *               *         NO           Default Outbound WAN02

          Firewall Rules:
          ID  Proto  Source     Port  Destination      Port  Gateway   Queue  Schedule  Description
              *      GREEN net  *     10.177.240.0/20  *     *         none             Modem 01 Route
              *      GREEN net  *     10.0.0.0/29      *     *         none             Modem 02 Route
              *      GREEN net  *     *                *     FailOver  none             Default allow LAN to any rule

          I hope I helped someone else by posting it ;)

          grts, Marcus

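The routing behaviour discussed in this thread, as an added example that is not part of the original posts and is not pfSense code: a small model of first-match LAN rule evaluation, showing which interface a packet leaves by when only the FailOver rule exists and when the two no-gateway modem rules sit above it. Assumptions: the modem addresses 10.0.0.1 and 10.177.240.1 are constructed, the system default route points out WAN, the FailOver group forwards via whichever member is passed as `active_member`, and outbound NAT is not modelled.

```python
import ipaddress

# Connected routes created by the IP aliases in the post (alias subnet -> interface).
ROUTES = {
    ipaddress.ip_network("10.177.240.0/20"): "WAN",    # alias 10.177.255.254/20
    ipaddress.ip_network("10.0.0.0/29"): "WAN02",      # alias 10.0.0.6/29
}
DEFAULT_ROUTE_IF = "WAN"  # assumption: system default route points out WAN

# LAN rules as (destination, gateway, description); gateway None = no gateway set.
MODEM_RULES = [
    ("10.177.240.0/20", None, "Modem 01 Route"),
    ("10.0.0.0/29", None, "Modem 02 Route"),
]
FAILOVER_RULE = ("0.0.0.0/0", "FailOver", "Default allow LAN to any rule")


def route_lookup(dst):
    """Longest-prefix match over connected routes, else the default route."""
    hits = [n for n in ROUTES if dst in n]
    return ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else DEFAULT_ROUTE_IF


def egress(dst, rules, active_member):
    """Return (interface, rule description) for a LAN packet; first match wins."""
    dst = ipaddress.ip_address(dst)
    for net, gateway, desc in rules:
        if dst in ipaddress.ip_network(net):
            if gateway is None:
                return route_lookup(dst), desc   # normal routing table decides
            return active_member, desc           # policy routing: table is bypassed
    return None, "no match (default deny)"


def compare(dst, active_member):
    """Egress with only the FailOver rule vs. with the modem rules on top."""
    before = egress(dst, [FAILOVER_RULE], active_member)[0]
    after = egress(dst, MODEM_RULES + [FAILOVER_RULE], active_member)[0]
    return before, after


if __name__ == "__main__":
    for dst in ("10.0.0.1", "10.177.240.1", "192.0.2.10"):
        for member in ("WAN", "WAN02"):
            print(f"{dst:<13} FailOver->{member:<5} before/after = {compare(dst, member)}")
```

With only the FailOver rule, the egress interface for a modem address follows the gateway group rather than the subnet the modem lives on; with the no-gateway rules on top it stays fixed regardless of failover state.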
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.