Multi WAN & Multi VLAN
-
I added it as an alias in Firewall: Aliases:
It includes all my local subnets. I want clients on WIFI2 to have internet access but not local server access. You have to allow access to the pfSense DNS forwarder though otherwise they get no DNS.Steve
-
Hi Steve,
If you don't mind can I see your WAN2 Gateway setup/routing? and Aliases setup?another OOT question, how you display the image?
AFAIK you have to upload to```
http://img.uploadhouse.comthen``` [IMAGE]http://img.uploadhouse.com/image.jpg [/IMAGE ]is that correct?
Regards,
jgun -
I'm not sure what you mean by 'WAN2 Gateway setup/routing'. The firewall acts on traffic coming into the pfSense box via whatever interface you have applied the rule to. Therefore to do any policy routing on outgoing traffic you have to use the firewall rule on the interface that traffic enters the box, WIFI2 in the above example. There is nothing special about my WAN2 config, I'd be happy to take some screen shots though.
I've attached a shot of my aliases config. As you can see the LOCAL alias is really just to make the rules more readable, I could almost as easily type 192.168.0.0/16. I could have been less lazy and included only my own subnets rather than an entire /16. The Facebook alias though is far more convenient.
Posting images in-line with the text is almost as you suggested, img not image. It's Simple Machines Forum BB code.
I have been lazy, again, and just attached the image to the post.
Steve
-
Hi Steve,
I have add another LAN Card, device id xl2 -> WAN2bge0 -> for OPT VLAN90 and OPT VLAN91
xl0 -> WAN
xl1 -> LANCreate as WAN2, IP 10.10.10.123, Gateway 10.10.10.1
Rule for Interface OPT VLAN91
Local, Gateway OPT VLAN91 GW
!Local, Gateway WAN2GWI use 10.90.0.0 255.255.252.0 an 10.91.0.0 255.255.252.0
My ASA is 10.10.10.1 Connect via Switch.but seem connection still through WAN, not WAN2
According to your screenshoot did you name WAN2 Gateway as WAN2 also?
Thanks.
jgun -
I believe the gateway is automatically named after the interface it's associated with. I can't remember now I may have edited it but either way, yes the gateway on my WAN2 interface is also named WAN2.
I'm having trouble reading your firewall rules. Can you include a screen shot?
Steve
-
Steve,
where you upload the image? so I can upload at the same place also.
Thanks.
jgun -
My images are just attached to the post, they are stored on the forum.
Click the 'Additional Options' drop down when you are replying.Steve
-
Hi Steve,
Thank you for your concern.
Here is the screen capture and I am very sorry that I have to hide some information.
Thanks.
Regards,
jgun
-
Hi Steve (part 2),
Thank you for your concern.
Here is the screen capture and I am very sorry that I have to hide some information.
Thanks.
Regards,
jgun
-
Hmm, OK.
You should not have a gateway on your 'Mobile1' interface. Gateways should only be on WAN interfaces (or VPN connections).
You should not need a static route to the ASA on WAN2. pfSense will already have a route to that box via the WAN2 interface.
What do you have for your LocalIP alias?
Steve
-
Hi,
Gateway mobile1 is ip on layer 3 switch therefore vlan 190 can communicate with other vlan.and here is the capture of aliases.
Thanks
jgun
-
Do you have VLANs on your network other than Mobile1, Hotspot and CO? You have different subnets on the other side of your switch?
Adding a gateway to Mobile1 causes pfSense to treat it differently. If you have not changed anything it will be NATing traffic on that interface for example which you almost certainly don't want.
Steve
-
Do you have VLANs on your network other than Mobile1, Hotspot? Yes
You have different subnets on the other side of your switch? Yes, we have many vlan, but only some vlan that we route to pfsense.
I want mobile can connect to others vlan and also have different route to internet -
Ok, your network is more complex than I realised.
However you still don't want to have a gateway on Mobile1. Instead add static routes to your other subnets.
I'm not sure how that might work with clients on the mobile1 subnet though. Traffic would have to route in and out of the same pfSense interface and I'm not sure that's possible. :-\Steve
-
Still not working… I think I have to go to alternative, install another pfsense
-
When creating a static route the Network should not be in the same subnet as the Gateway, ie 10.10.10.0/24 and 10.10.10.1 in your case. In a static route the Gateway is an IP address that is directly reachable from a local network, while the Network is one that is not directly reachable, hence the use of a route and gateway.
What type of interface is WAN2 (dhcp, static, pppoe, et)? What is WAN2's IP address?
-
Hi,
IP Address WAN2 (Static) 10.10.10.123 /24
Gateway 10.10.10.1 /24I have tried to remove the static route as advice by Steve
Regards
Gunawan -
I think a diagram of your network could help to clear things up here.
Steve
-
When I setup WAN2, should I set the load balancer?
I have read several
