Netgate Discussion Forum

    Split protocol/port handling between WANs

      gadyke

      Hi Guys,

      For reasons beyond my control (mostly location), I am annually forced to serve between 50 and 150 concurrent connections via a single 5Mbit/.5Mbit ADSL line; pfSense has proven useful in mitigating the strain this load places on the connection but at the upper end of that range there's really not much you can do to prevent a generally shitty user experience for all involved (these are users who are expecting [and are granted by my overlords] unfettered access to the internet and who complain at the restrictions we do place, i.e. no streaming or media-heavy browsing.)

      This year, for the first time, I have the opportunity to have two lines, still 5/.5 each, rather than the one. I initially intended to simply set up a gateway group, but given that the most serious issues experienced by the more senior staffers (the users whose needs I can't really ignore or blag out of) include a loss of access to off-site corporate e-mail I had another thought:

      I took note a long time ago of the ability within pfSense firewall rules to classify client (LAN->WAN) connection requests by port and wondered whether there was any technical reason, whether within pfSense itself or more generally, that I couldn't use the second line for 'essential' sessions, e.g. all ICMP traffic and TCP/UDP ports 53, 110, 995, 143, 993, 25 and 465 (i.e. DNS and common mail ports) via preceding firewall rules, while retaining ADSL1 for general and unclassified sessions?

      [edit: I have seen various guides on policy based routing, my question is more whether doing this arbitrarily in response to usage patterns would result in any issues or whether the fact that the policies apply indiscriminately across all sessions is enough for the user not to notice]

      On a less hopeful note, a large proportion of the staffers in question prefer the use of web-based corporate e-mail; does anyone have any bright ideas for piping that out too while leaving the Facebook >:( behind?

      Thanks,

      -GD
