Use same gateway in multiwan by the same company
-
Hi good morning, I know that's beside pfsense here, but it
could do with pfsense would use linux based software.We use pfsense because truth is a gem and the protocol stack
TCP / IP handles it better than anyone. CPU and Memory Consumption amazing.
In addition to a multitude of options and flexibility you have.Well the fact is that the firewall share with colleagues who
around here, we have the same public IP range with the same
supplier, an example:- Our WAN -> 80.23.4.2 same ISP
- The WAN of them -> 80.23.4.3 same ISP
- WAN Gateway Provider -> 80.23.4.1 same ISP
Pfsense just let you define a gateway for each wan, this is a
problem since we want to get to the same gateway.Before posting, I've been trying things and even have looked at the
pfsense forum with "pfsense gateway MultiWAN same" but the
pfsense support say they can not …I tried in the rules section of the lan, set a rule
so that all traffic coming from the lan of them, send by
80.23.4.1 gateway, but does not throw.If so, just use a WAN gateway, we would look at other
smoothwall based alternatives such as Linux.http://www.smoothwall.org/about/
We do this for each network exit through the same gateway but with different public ips
Greetings and thanks.
-
I have a multi-WAN setup which uses the same gateway for both connections from the same ISP. It works fine out of the box.
-
it's impossible to do at this time. you'd have to put cheap NAT routers to circumvent this. (using the 'lan" ip of these routers as gateway).
people saying they have it working, generally haven't noticed that all traffic goes to 1 randomly selected interface that may or not change randomly over time/reboot/… ;)there is only 1 exception: pppoe (xDSL) will work with identical gateways.
-
Why not use VLAN's and use Outbound NAT to seperate the traffic?? Very easy!
-
it's impossible to do at this time. you'd have to put cheap NAT routers to circumvent this. (using the 'lan" ip of these routers as gateway).
people saying they have it working, generally haven't noticed that all traffic goes to 1 randomly selected interface that may or not change randomly over time/reboot/… ;)there is only 1 exception: pppoe (xDSL) will work with identical gateways.
You can add the same gateway twice on multiple interfaces and setup LAN rules to use a specific gateway.
If they have only a single ISP interface and a single gateway then it's simply a matter of configuring Manual Outbound NAT with one of the WAN addresses as Virtual IP addresses. Based on the source LAN IP address, pfSense can translate using a different WAN IP address. They would both use a single gateway.
-
jimp quote #1:
Re: Q: 2 WAN with same gateway not possible?
« Reply #3 on: December 22, 2011, 02:52:40 pm »Thanks!
Both of those links are for multiple gateways that are different (which we already support)
It is possible with PPPoE in 2.0.1.
On other types of interfaces, having the same gateway IP/MAC on multiple interfaces will not work as-is, but there are some ideas in the works to try. FreeBSD's support for ECMP is promising, but making that work with pf may be a bit of a challenge, if it's even possible.
Jimp quote #2
Re: Multi-WAN with same gateway (2.0-loadbalance)
« Reply #3 on: January 16, 2012, 05:24:57 pm »Thanks!
It isn't possible on 1.2.3 either. Using the same gateway on multiple interfaces has never been supported in that way.
-
The second option is still possible. He hasn't told us whether it's two WAN interfaces or 2 IP address on a single interface.
-
Would be two wan interfaces independent connected to the same switch:
1. WAN-1 -> 80.23.4.2 same ISP
2. WAN-2 -> 80.23.4.3 same ISP
3. WAN Gateway Provider -> 80.23.4.1 same ISPIs possible?
INTERNET:
LAN1 -> WAN1(80.23.4.2) –> GATEWAY(80.23.4.1) --> Whats my ip? 80.23.4.2
LAN2 -> WAN1(80.23.4.3) --> GATEWAY(80.23.4.1) --> Whats my ip? 80.23.4.3Thanks in advanced.
-
If they're both connected to the same switch then you only need one WAN interface. You can add the second IP address as a virtual IP address on the same WAN interface. You can then achieve what you want using Manual Outbound NAT rules.
-
OK, thanks for your response.
1. WAN-1 -> 80.23.4.2 same ISP
2. WAN-VIRTUAL-IP -> 80.23.4.3 same ISP
3. WAN Gateway Provider -> 80.23.4.1 same ISPINTERNET:
LAN1 -> WAN1(80.23.4.2) –> GATEWAY(80.23.4.1) --> Whats my ip? 80.23.4.2
LAN2 -> WAN-VIRTUAL-IP(80.23.4.3) --> GATEWAY(80.23.4.1) --> ADD-NAT-OUTBOUND Whats my ip? 80.23.4.3The ip public WAN 80.23.4.3 is now virtual alias ok??
The rule nat is automatic or manual?? Attach screenshot.
Thanks for all.
-
If you leave it on automatic, your custom rules will not work. Set it to manual.
-
You should select the WAN interface when creating the rules.
In the first rule set the source address to LAN1 subnet and choose translate using WAN interface address.
For the second rule set the source address to LAN2 subnet and translate using the virtual IP address.
-
Thank you very much for everything, when I can I will try it because it is the firewall that is in production.
Just a question, is dating LAN1 public ip I want correctly, which is the default.
It is compulsory / necessary put him 2 rules? one for one for LAN1 and LAN2?? Suffice not only put a single rule for the LAN?
Many thanks for your help.
-
You can use any number of LAN interfaces. I just assumed you had one LAN interface per company. You simply need to match the source IP in the NAT rules to control which LAN clients get translated using which public IP address.
You need one NAT rule per public IP address.
-
Many thanks!! It works!! Thanks for all.