General Question pfsense MULTI WAN Rules and ERROR in Routes ?!

Nachtfalke

You have to set the rule in the right direction:

If the direction is from LAN to WAN, for example a Client should not connect to or ping google, then you must enter a LAN rule.

If you want, that someone from the internet/WAN should be ablte to connect to your LAN (Webserver, E-Mail-Server) then you must enter a WAN rule.

Remember: NO rules means everything is BLOCKED.
In general you do not want that someone from the WAN/internet should be able to connect to you LAN, therefor there should be no rules on WAN tab.

onkeldave83

at first thanks nachtfalke

hmmm,

have one more question.

when i added a second gateway…..

can i set a second static route with same network but other gateway?
this strange....one way, two gateways :??

i have only one lan but two isp gateways.....all user should use the first gateway and one user the second gateway.

thanks for help

Nachtfalke

Yes, you can. For every rule you could specify a gateway.

If you have more than one WAN, you should read more about "Load Balancing", "Multi WAN" and "Failover". I think this could be interesting for you.

REMEMBER:
The firewall rule take effect from top to down. The first rule which matches will be used.

SeventhSon

@onkeldave83:

at first thanks nachtfalke
i have only one lan but two isp gateways…..all user should use the first gateway and one user the second gateway.

that's policy based routing, you can make a firewall rule for this and select the appropriate gateway to use when a packet comes in from the one user.

onkeldave83

f.e.

routing

192.168.10.0/24   192.168.20.4    WAN
192.168.10.0/24   192.168.30.4    WAN2

and then in firewall LAN tab (top entries are dominating) one entry for this one user, how should use gateway two (wan2), with gateway entry to wan2

is it right?

AND…

load balancing...thats intressting yes right!
is it for two internetconnections....like trunking?

thanks a lot for your professional infos !!!!

Nachtfalke

For example, if you would like, that Host A with 192.168.10.25/24 should be routet over WAN2 it could look like this:

pass 192.168.10.25 * * * WAN2        This is for Host A over WAN2
pass 192.168.10.0  * * * WAN1        This is for all Hosts from 192.168.10.0/24

Load Balancing could be used for 2 or more interfaces. Its not really like trunking, its more like Bonding.
Seach the forum for Failover, Load Balancing and Multi-WAN. Check the pfsense docs, too.

onkeldave83

ok thanks nachtfalke!
i will try this!

i found good tutorials for load balancing and failover….

but there is a difference in it!
some make it with a bridge between the wan connections and some not.
what is the better way ?

thanks for help

Nachtfalke

Sorry. DOn't know when to use this in bridge mode.
I use it without bridge and I think this is the normal way to use Load Balancing. Perhaps there are special scenarios which need another configuration.

onkeldave83

with bridge interfaces, we are on osi layer 2 or?

Nachtfalke

Yes, bridging is Layer 2